PT-2024-20013 · WordPress · Page Builder Gutenberg Blocks

Dmitry Ignatyev · Published 2024-03-27 · Updated 2024-10-31 · CVE-2024-2369

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Page Builder Gutenberg Blocks WordPress plugin, versions prior to 3.1.7

Description
The issue is a Stored Cross-Site Scripting (XSS) vulnerability. It is estimated that over 400,000 WordPress sites are potentially affected. The problem arises because the plugin does not validate and escape some of its block options before outputting them back into the page or post where the block is embedded. This allows users with the Contributor role and above (who normally cannot post raw HTML) to store script payloads that execute in the browser of anyone viewing the page, potentially leading to unauthorized access, including admin account creation.

Recommendations
For versions prior to 3.1.7, upgrade to version 3.1.7 or later to secure your site. As a temporary workaround, consider restricting the use of block options that could be used to inject malicious scripts until the patch is applied, and avoid using the plugin's block options in a way that could allow malicious actors to inject scripts.
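The root cause described above is a dynamic block whose attributes are written into the rendered page without validation or escaping. The following is an added illustration, not code from the Page Builder Gutenberg Blocks plugin or from the advisory: a hypothetical block (`example/card`, with made-up attributes `title`, `url` and `align`) whose render callback validates the one enumerated attribute against an allowlist and escapes every attribute with the WordPress escaping function that matches its output context. The commented-out line shows the unsafe pattern that produces the class of bug in this advisory.

```php
<?php
/**
 * Added example (not the plugin's own code): a hypothetical dynamic block
 * that validates and escapes its attributes before output.
 *
 * Context matters: esc_html() for text nodes, esc_attr() for attribute
 * values, esc_url() for href/src, wp_kses_post() only where limited HTML
 * is intentionally allowed. Server-side escaping is what protects
 * readers when the author is a Contributor without 'unfiltered_html'.
 */
function example_card_render_callback( $attributes ) {
    // Only these alignment values may ever reach the class attribute.
    $allowed_align = array( 'left', 'center', 'right' );

    $title = isset( $attributes['title'] ) ? (string) $attributes['title'] : '';
    $url   = isset( $attributes['url'] )   ? (string) $attributes['url']   : '';
    $align = isset( $attributes['align'] ) ? (string) $attributes['align'] : 'left';

    // Validation: reject anything outside the allowlist instead of echoing it.
    if ( ! in_array( $align, $allowed_align, true ) ) {
        $align = 'left';
    }

    // UNSAFE pattern (the class of bug this advisory describes): attribute
    // values are concatenated straight into markup.
    // return '<a class="card card-' . $align . '" href="' . $url . '">' . $title . '</a>';

    // Safe pattern: every value is escaped for the context it lands in.
    return sprintf(
        '<a class="%s" href="%s">%s</a>',
        esc_attr( 'card card-' . $align ),
        esc_url( $url ),          // also drops javascript: and other disallowed schemes
        esc_html( $title )        // encodes < > & " ' so stored markup cannot execute
    );
}

/**
 * Register the hypothetical block. Declaring attribute types gives the
 * block editor a schema, but it is not a substitute for the server-side
 * escaping in the render callback.
 */
function example_card_register_block() {
    register_block_type(
        'example/card',
        array(
            'attributes'      => array(
                'title' => array( 'type' => 'string', 'default' => '' ),
                'url'   => array( 'type' => 'string', 'default' => '' ),
                'align' => array( 'type' => 'string', 'default' => 'left' ),
            ),
            'render_callback' => 'example_card_render_callback',
        )
    );
}
add_action( 'init', 'example_card_register_block' );
```

When reviewing a plugin for this weakness, look at each `render_callback` (and any `save` function in the editor script) for attribute values that reach `href`, `style`, `class`, `data-*` or inline text without passing through one of the `esc_*` or `wp_kses_*` functions; an attribute that is meant to hold rich text should go through `wp_kses_post()` rather than being trusted because the editor UI appears to constrain it.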

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-2369

Affected Products

Page Builder Gutenberg Blocks