CVE-2024-8288 in Guten Post Layout PluginИнформация

Сводка

по MITRE • 01.10.2024

The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

Wordfence

Резервировать

28.08.2024

Раскрытие

01.10.2024

Модерация

принято

Вход

VDB-278954

EPSS

0.00342

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!