CVE-2024-12045

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jan 8, 2025
CWE ID 79

Summary

CVE-2024-12045 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Essential Blocks – Page Builder plugin for WordPress. This issue allows authenticated attackers with administrator-level access to inject arbitrary web scripts into the Google Maps block's maker title value. These scripts will execute whenever a user accesses an injected page, posing a serious security risk. This vulnerability is present in all versions up to and including 5.0.9. The risk is heightened for multi-site installations and those with unfiltered_html disabled.

Affected Products

  • WordPress Essential Blocks Plugin

Affected Vendors

  • Automattic