Stored Cross-Site Scripting (XSS) Vulnerability in Guten Post Layout's WordPress Gutenberg Plugin
CVE-2024-8288

6.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Guten Post Layout – An Advanced Post Grid Collection For WordPress Gutenberg
Vendor: CVE Published:; 1 October 2024

Summary

The Guten Post Layout plugin for WordPress is susceptible to a Stored Cross-Site Scripting issue due to inadequate sanitization and escaping of user inputs in the 'align' attribute of the 'wp:guten-post-layout/post-grid' Gutenberg block. This flaw allows authenticated attackers with Contributor-level permissions or higher to inject arbitrary scripts into web pages. When users access these pages, malicious scripts can be executed, potentially compromising site integrity and user data.

Affected Version(s)

Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg * <= 1.2.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/guten-post-lay...

https://wordpress.org/plugins/guten-post-layout/#developers

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 1, 2024
Vulnerability Reserved
Aug 28, 2024

Credit

Francesco Carlucci