CVE-2024-13516

Name of the Vulnerable Software and Affected Versions Kubio AI Page Builder plugin for WordPress versions up to, and including, 2.3.5

Description The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages via the message parameter, which can execute if a user is tricked into performing an action like clicking on a link.

Recommendations For versions up to, and including, 2.3.5, consider disabling the message parameter until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of arbitrary web script injection. Update to a version later than 2.3.5 when available.