CVE-2024-3513

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 2, 2024

Updated: Jul 5, 2024

CWE ID 943

Summary

CVE-2024-3513 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Ultimate Blocks – WordPress Blocks Plugin. This issue, present in all versions up to 3.1.9, allows authenticated attackers with contributor access and above to inject arbitrary web scripts into the title tag parameter. The vulnerability stems from insufficient input sanitization and output escaping, resulting in the execution of injected scripts whenever a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM DB2

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/v2LBpc
https://www.cve.org/CVERecord?id=CVE-2024-3513
https://nvd.nist.gov/vuln/detail/CVE-2024-3513

Back to Vulnerability Database