Stored Cross-Site Scripting Vulnerability in Ultimate Blocks Plugin for WordPress
CVE-2024-3513
5.4MEDIUM
What is CVE-2024-3513?
The Ultimate Blocks plugin for WordPress is susceptible to a stored cross-site scripting attack through the title tag parameter. This vulnerability stems from inadequate input sanitization and output escaping, allowing authenticated attackers with contributor access or higher to introduce arbitrary web scripts. These scripts may execute in the context of the user when they visit a compromised page, potentially leading to unauthorized actions or data exposure.