CVE-2024-10872

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 79

Summary

CVE-2024-10872 is a stored cross-site scripting (XSS) vulnerability affecting the Getwid – Gutenberg Blocks plugin for WordPress. This issue, present in all versions up to 2.0.12, enables authenticated attackers with Contributor-level access or higher to inject malicious web scripts into the `template-post-custom-field` block. The insufficient input sanitization and output escaping in this plugin allow the injected scripts to execute whenever an affected page is accessed, posing a significant security risk to WordPress sites.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share