CVE-2024-5417

Name of the Vulnerable Software and Affected Versions: Gutentor WordPress plugin versions prior to 3.3.6

Description: The issue concerns the Gutentor WordPress plugin, which does not validate and escape some of its block options before outputting them back in a page or post where the block is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations: For Gutentor WordPress plugin versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable block options until a patch is available. Additionally, restrict access to the plugin's block embedding feature to minimize the risk of exploitation.