CVE-2024-3818 – The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for …

19 April 2024

Vuln ID: CVE-2024-3818

Published: 2024-04-19 03:15:06.800

Description: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s “Social Icons” block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Base Score: 5.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

19 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer1 May 2024
Cyberattack against United Russia claimed by Ukraine1 May 2024
US jails former NSA employee for attempting secret sale to Russia1 May 2024
Better identity threat detection sought by new Semperis ML-based tool1 May 2024
Oasis Security reels in $35M more to secure nonhuman identities1 May 2024