Stored Cross-Site Scripting Vulnerability in Kadence Blocks Plugin for WordPress
CVE-2024-0598
4.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 April 2024
What is CVE-2024-0598?
The Kadence Blocks plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw arises from inadequate input sanitization and output escaping in the contact form message settings, enabling authenticated attackers, holding editor-level access or higher, to inject malicious web scripts into pages. Consequently, these scripts execute when any user accesses the compromised page, significantly affecting multi-site installations and those prohibiting unfiltered HTML.
Affected Version(s)
Kadence Blocks β Page Builder Toolkit for Gutenberg Editor 0 <= 3.2.17