Reflected XSS Vulnerability in Block Editor Bootstrap Blocks
CVE-2024-11402

7.1HIGH

Key Information:

Vendor: WordPress
Status: Block Editor Bootstrap Blocks
Vendor: CVE Published:; 28 November 2024

What is CVE-2024-11402?

A vulnerability exists in the WP-speedup Block Editor Bootstrap Blocks, specifically related to improper neutralization of user input during the generation of web pages. This vulnerability results in a Reflected Cross-Site Scripting (XSS) issue, allowing an attacker to inject and execute arbitrary scripts in the context of a user's browser session. Attackers can exploit this vulnerability to manipulate web content and gain unauthorized access to sensitive information, making this a significant concern for users of affected versions of the product.

Affected Version(s)

Block Editor Bootstrap Blocks <= 6.6.1

References

https://patchstack.com/database/wordpress/plugin/block-ed...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024
Vulnerability Reserved
Nov 19, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)