Stored XSS vulnerability in Genesis Blocks WordPress plugin
CVE-2024-2761

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 19 April 2024

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

The Genesis Blocks WordPress plugin, prior to version 3.1.3, does not properly escape data in its block functionalities. This flaw permits users with contributor privileges to carry out Stored Cross-Site Scripting (XSS) attacks: an attacker can inject malicious scripts into content that is then served to other users, potentially compromising sensitive data and undermining the integrity of the affected WordPress site. Updating the plugin to version 3.1.3 or later and ensuring proper input sanitization and output escaping are crucial to mitigating this issue.

Affected Version(s)

Genesis Blocks: all versions before 3.1.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

Dmitrii Ignatyev
WPScan