Reflected XSS Vulnerability in The Plus Blocks for Block Editor | Gutenberg
CVE-2024-30435

7.1HIGH

Key Information:

Vendor: WordPress
Status: The Plus Blocks For Block Editor | Gutenberg
Vendor: CVE Published:; 29 March 2024

Summary

The Plus Blocks for Block Editor | Gutenberg, developed by POSIMYTH, is affected by a reflected cross-site scripting (XSS) vulnerability that arises from improper neutralization of input during web page generation. This weakness allows malicious users to manipulate web content, potentially leading to unauthorized access to sensitive user data. The vulnerability impacts various versions of the plugin, including those prior to 3.2.5, underscoring the necessity for users to update to secure versions to mitigate risks. Proper input validation and sanitization practices are essential for safeguarding applications against such attacks.

Affected Version(s)

The Plus Blocks for Block Editor | Gutenberg <= 3.2.5

References

https://patchstack.com/database/vulnerability/the-plus-ad...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 29, 2024

Credit

LVT-tholv2k (Patchstack Alliance)