Stored Cross-Site Scripting Vulnerability in Gutenberg Blocks by Kadence WP
CVE-2024-4209
Key Information:
- Vendor: WordPress
- CVE Published: 14 May 2024
What is CVE-2024-4209?
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress has a vulnerability that allows authenticated attackers, with contributor-level access and higher, to perform Stored Cross-Site Scripting. This vulnerability occurs due to inadequate input sanitization and output escaping of user-supplied attributes within the countdown timer feature. Consequently, attackers can inject malicious web scripts that execute when users visit an affected page, posing significant risks to user data and site integrity.
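For sites that ran an affected version, stored post content can be reviewed for countdown blocks whose attributes carry markup. The script below is an added example, not code from this advisory or from the plugin: it parses Gutenberg block delimiters and flags string attributes for manual review. The block name `kadence/countdown`, the attribute names and the sample post are assumptions constructed for illustration.

```python
import json
import re

# Assumption: the countdown block is serialized as "kadence/countdown".
BLOCK_NAME = "kadence/countdown"

# Block delimiter: <!-- wp:name {json attributes} --> or self-closing /-->
BLOCK_RE = re.compile(
    r"<!--\s+wp:(?P<name>[a-z][a-z0-9_-]*(?:/[a-z][a-z0-9_-]*)?)\s+"
    r"(?P<attrs>\{.*?\})?\s*/?-->", re.DOTALL)

# Triage heuristics only: markup characters, inline handlers, script URLs.
SUSPICIOUS = re.compile(r'[<>"]|\bon[a-z]+\s*=|javascript\s*:', re.IGNORECASE)

# Constructed sample post_content; attribute names are hypothetical.
SAMPLE_POST = r'''
<!-- wp:paragraph --><p>Sale ends soon</p><!-- /wp:paragraph -->
<!-- wp:kadence/countdown {"hypotheticalId":"_abc123","hypotheticalAttr":"\u0022\u003e\u003cscript\u003econstructed()\u003c/script\u003e"} /-->
<!-- wp:kadence/countdown {"hypotheticalId":"_def456","hypotheticalAttr":"2024-12-31"} /-->
'''

def iter_strings(value, path=""):
    """Yield (path, text) for every string nested in decoded attributes."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")

def audit_post(content, block_name=BLOCK_NAME):
    """Return (attribute path, decoded value) pairs worth manual review."""
    findings = []
    for match in BLOCK_RE.finditer(content):
        if match.group("name") != block_name or not match.group("attrs"):
            continue
        try:
            # json.loads also decodes the \u003c-style escapes the editor writes
            attrs = json.loads(match.group("attrs"))
        except json.JSONDecodeError:
            findings.append(("<unparseable attributes>", match.group("attrs")[:60]))
            continue
        findings += [(p, t) for p, t in iter_strings(attrs) if SUSPICIOUS.search(t)]
    return findings

if __name__ == "__main__":
    for path, text in audit_post(SAMPLE_POST):
        print(f"review {BLOCK_NAME} attribute {path!r}: {text!r}")
```

A hit is a prompt for manual review of that post and its author, not proof of exploitation; updating past the affected version remains the fix.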

Affected Version(s)
Gutenberg Blocks with AI by Kadence WP – Page Builder Features * <= 3.2.36
References
CVSS V3.1
Timeline
Vulnerability published