Cross-site Scripting Vulnerability in CozyThemes Cozy Blocks for WordPress
CVE-2024-50441

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Cozy Blocks
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-50441?

The CozyBlocks plugin for WordPress developed by CozyThemes is vulnerable to a Cross-site Scripting (XSS) issue due to improper input neutralization during web page generation. This vulnerability allows for the possibility of stored XSS attacks, which could lead to unauthorized code execution and potential data leakage when a user interacts with a compromised page. Affected versions include Cozy Blocks from n/a through 2.0.15. Website administrators are urged to evaluate their installations and apply necessary updates to mitigate this security risk.

References

https://patchstack.com/database/vulnerability/cozy-addons...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024