The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-06-17T06:00:01.480Z

Updated: 2024-08-01T20:33:53.172Z

Reserved: 2024-04-29T09:28:43.622Z

Link: CVE-2024-4305

cve-icon Vulnrichment

Updated: 2024-07-18T20:34:08.754Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-17T06:15:09.140

Modified: 2024-11-21T09:42:35.147

Link: CVE-2024-4305

cve-icon Redhat

No data.