CVE-2024-12304
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Jan 11, 2025
CWE ID 79
Summary
CVE-2024-12304: The Gutenberg Blocks with AI plugin for WordPress, developed by Kadence WP, is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to 3.4.2. Because the button block link feature does not sufficiently sanitize input or escape output, authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. The injected scripts execute whenever an affected page is accessed.