CVE-2024-12045
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Published Jan 8, 2025
CWE ID 79
Summary
CVE-2024-12045 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Essential Blocks – Page Builder plugin for WordPress. This issue allows authenticated attackers with administrator-level access to inject arbitrary web scripts into the Google Maps block's maker title value. These scripts will execute whenever a user accesses an injected page, posing a serious security risk. This vulnerability is present in all versions up to and including 5.0.9. The risk is heightened for multi-site installations and those with unfiltered_html disabled.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- WordPress Essential Blocks Plugin
Affected Vendors
- Automattic