CVE-2024-10637

Name of the Vulnerable Software and Affected Versions Gutenberg Blocks with AI by Kadence WP versions prior to 3.2.54

Description The issue concerns insufficient validation and escaping of block options, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This vulnerability affects multi-site installations and installations where unfiltered html has been disabled, allowing authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages.

Recommendations For versions prior to 3.2.54, update to version 3.2.54 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable block options until a patch is available. Additionally, ensure that unfiltered html is enabled and properly configured to minimize the risk of exploitation.