The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Blockspare
Blockspare blockspare |
|
CPEs | cpe:2.3:a:blockspare:blockspare:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Blockspare
Blockspare blockspare |
Wed, 04 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 04 Sep 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the ‘blockspare_render_social_sharing_block’ function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-04T05:30:59.908Z
Updated: 2024-09-04T13:17:28.405Z
Reserved: 2024-08-29T23:49:58.554Z
Link: CVE-2024-8325
Vulnrichment
Updated: 2024-09-04T13:17:23.960Z
NVD
Status : Analyzed
Published: 2024-09-04T06:15:17.657
Modified: 2024-10-07T12:37:58.740
Link: CVE-2024-8325
Redhat
No data.