CVE Published: 04/06/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: WPScan |
Vendor: Unknown |
Product: Gutenberg Blocks with AI by Kadence WP Status : PUBLISHED
CVE-2024-4057 Description
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks