CVE-2024-3344

Summary

CVE-2024-3344 is a vulnerability in the Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress. This vulnerability affects all versions up to and including 2.6.8. The vulnerability allows authenticated attackers with author-level access and above to execute arbitrary web scripts by injecting them into pages through a stored Cross-Site Scripting (XSS) attack via SVG file upload. The risk score for this vulnerability is 25, with a base severity of MEDIUM and a base score of 6.4 according to the CVSS:3.1 framework. The exploitability score is 3.1, indicating a medium level of difficulty in exploiting the vulnerability. The potential danger to organizations lies in the ability of attackers to inject malicious scripts that will execute whenever a user accesses an affected page. To remediate this vulnerability, users should update their Otter Blocks plugin to a version beyond 2.6.8, which includes fixes for input sanitization and output escaping to prevent XSS attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.