Stored Cross-Site Scripting Vulnerability in The Post Grid Gutenberg Blocks for WordPress
CVE-2024-4305
Currently unrated
What is CVE-2024-4305?
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected Version(s)
Post Grid Gutenberg Blocks and WordPress Blog Plugin 0 < 4.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.