Lista de CVEs Notícias Registar Iniciar Sessão

Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon'

• março 1º 2025 • PUBLISHED • RCE

Pontuação da CVSS

Severidade Média

6.4

Descrição

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon’ parameter in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Versões Afetadas

Fornecedor	Produto	Versão
britner	Gutenberg Blocks with AI by Kadence WP – Page Builder Features	*

Referências

https://www.wordfence.com/threat-intel/vulnerabilities/id/9df00907-c95e-445c-b424-78a1e5e00e4f?source=cve https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-testimonial-block.php#L219 https://plugins.trac.wordpress.org/changeset/3246675/