Stored XSS vulnerability in Genesis Blocks WordPress plugin
CVE-2024-2761
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 19 April 2024
Summary
The Genesis Blocks WordPress plugin, prior to version 3.1.3, does not properly escape data in its blocks. This flaw allows users with contributor privileges to perform Stored Cross-Site Scripting (XSS) attacks. As a result, an attacker could inject malicious scripts into content that is then served to other users, potentially compromising sensitive data and undermining the integrity of the affected WordPress site. Updating the plugin to a version that is not affected (3.1.3 or later) and ensuring proper input sanitization are crucial to mitigating this issue.
Affected Version(s)
Genesis Blocks: 0 < 3.1.3 (all versions before 3.1.3)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved