Stored Cross-Site Scripting Vulnerability in SKT Blocks Page Builder Plugin for WordPress
CVE-2024-13733

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Skt Blocks – Gutenberg Based Page Builder
Vendor: CVE Published:; 4 February 2025

What is CVE-2024-13733?

The SKT Blocks - Gutenberg based Page Builder plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability. This issue arises from insufficient input sanitization and output escaping on user-supplied attributes within the plugin's skt-blocks/post-carousel block. As a result, authenticated attackers with contributor-level access and higher can exploit this weakness to inject malicious web scripts. These scripts will be executed whenever users access the compromised pages, posing a significant risk to site integrity and user data.

Affected Version(s)

SKT Blocks – Gutenberg based Page Builder * <= 1.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/skt-blocks/tru...

https://wordpress.org/plugins/skt-blocks

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 24, 2025

Credit

Djaidja Moundjid