CVE-2024-12495
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-12495 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Bootstrap Blocks for WP Editor plugin for WordPress. The issue lies in the 'gtb-bootstrap/column' block, which fails to provide sufficient input sanitization and output escaping. As a result, authenticated attackers with Contributor-level access or higher can inject malicious scripts into pages. Once injected, these scripts will execute whenever an affected user views the manipulated page. This defect poses a significant risk, especially in multisite environments, allowing attackers to conduct various malicious activities, such as session hijacking or data theft. It is recommended that users of the affected plugin update to the latest version as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.