CVE-2024-10484 – “Stored Xss in WordPress Gutenberg Blocks”

12月 3, 2024
7:16 am

CVE ID : CVE-2024-10484

Published : Dec. 3, 2024, 6:15 a.m. | 1 hour, 1 minute ago

Description : The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Team’ widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-10484 – “Stored Xss in WordPress Gutenberg Blocks”

Elvescore.io

Recent Posts

CVE-2024-12908 – Delinea Secret Server Regular Expression Injection Vulnerability

CVE-2024-12958 – RPost MCA SQL Injection Vulnerability

CVE-2024-12959 – “Fortress MCA SQL Injection”

CVE-2024-51540 – Dell ECS Arithmetic Overflow Vulnerability (Path Traversal)

CVE-2024-12955 – PHPGurukul Blood Bank & Donor Management System CSRF Vulnerability

CVE-2024-12956 – “Unrestricted File Upload in 1000 Projects Portfolio Management System MCA”

CVE-2024-10484 – “Stored Xss in WordPress Gutenberg Blocks”

CVE-2024-10484 – “Stored Xss in WordPress Gutenberg Blocks”