Name of the Vulnerable Software and Affected Versions:

The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress versions through 3.2.13.1

Description:

The BlockSpare plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping within the HTML attributes of the Image Carousel and Image Slider widgets. This allows authenticated attackers with Contributor-level access or higher to inject malicious web scripts into pages. These scripts will execute automatically when a user accesses the compromised page.

Recommendations:

Update The BlockSpare plugin to a version later than 3.2.13.1.