CVE-2024-2841 – The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for …

29 March 2024

Vuln ID: CVE-2024-2841

Published: 2024-03-29 05:15:46.250

Description: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘id’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Base Score: 6.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

29 March 2024

Categorie(s):

NVD

Tag(s):

NVD

Closing the cybersecurity skills gap with upskilling programs29 April 2024
Anticipating and addressing cybersecurity challenges29 April 2024
The next step up for high-impact identity authorization29 April 2024
Discord dismantles Spy.pet site that snooped on millions of users29 April 2024
Securing the future of IoT: Why attack surface management is key29 April 2024