Cross-site Scripting Vulnerability in CozyThemes Cozy Blocks for WordPress
CVE-2024-50441

5.4MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
28 October 2024

What is CVE-2024-50441?

The CozyBlocks plugin for WordPress developed by CozyThemes is vulnerable to a Cross-site Scripting (XSS) issue due to improper input neutralization during web page generation. This vulnerability allows for the possibility of stored XSS attacks, which could lead to unauthorized code execution and potential data leakage when a user interacts with a compromised page. Affected versions include Cozy Blocks from n/a through 2.0.15. Website administrators are urged to evaluate their installations and apply necessary updates to mitigate this security risk.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.
The Cyber Security Vulnerability Database.