CVE-2024-8536

Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.2.2

Description: The issue is related to the Ultimate Blocks WordPress plugin, which does not validate and escape some of its block attributes before outputting them back in a page or post where the block is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable block attributes to minimize the risk of exploitation. Avoid using unvalidated and unescaped block attributes in pages or posts until the issue is resolved.