Stored Cross-Site Scripting in All Bootstrap Blocks Plugin for WordPress
CVE-2024-13549
5.4MEDIUM
What is CVE-2024-13549?
The All Bootstrap Blocks plugin for WordPress is susceptible to stored cross-site scripting through the 'Accordion' widget. This vulnerability exists in all versions up to and including 1.3.26 due to inadequate input sanitization and output escaping. Authenticated attackers with Contributor-level access and above can exploit this vulnerability to inject malicious scripts, which execute when a user accesses compromised pages, posing a significant security risk.
Affected Version(s)
All Bootstrap Blocks * <= 1.3.26