CVE-2024-9073
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9073 is a Stored Cross-Site Scripting vulnerability in the GutenGeek Free Gutenberg Blocks plugin for WordPress, affecting all versions up to and including 1.1.3. The plugin accepts SVG file uploads with inadequate input sanitization and output escaping, so authenticated attackers with Author-level access or higher can inject malicious web scripts that execute when users access the SVG files. The issue is rated medium severity, with a CVSS base score of 6.4, reflecting low attack complexity and minimal required privileges. To remediate this vulnerability, users should update the plugin to the latest version provided by the developers. If exploited, this vulnerability poses a risk of unauthorized data manipulation and potential impact on user trust within an organization's web environment.
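For triage on a site that ran an affected version, the following added example (not code from the plugin or from this advisory) flags uploaded SVG files that contain script-capable constructs: active elements such as `<script>`, `on*` event-handler attributes, `javascript:` links, and DOCTYPE internal subsets. The element list, function names and sample inputs are assumptions constructed for illustration; it is a detection check, not a sanitizer.

```python
import pathlib
import sys
import xml.parsers.expat

# Constructed sample inputs (not taken from the plugin or from any real upload).
NS = b'xmlns="http://www.w3.org/2000/svg"'
CLEAN_SVG = b"<svg " + NS + b'><circle r="4"/></svg>'
SCRIPT_SVG = b"<svg " + NS + b"><script>alert(1)</script></svg>"
HANDLER_SVG = b"<svg " + NS + b' onload="alert(1)"/>'
LINK_SVG = (b"<svg " + NS + b' xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href=" JavaScript:alert(1)"><text>x</text></a></svg>')

# Assumed list of elements that can run or embed active content.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Drop a namespace prefix and lowercase: 'xlink:href' -> 'href'."""
    return name.rsplit(":", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return the script-capable constructs found in an SVG (empty list = none)."""
    findings = []

    def start(name, attrs):
        if local(name) in ACTIVE_ELEMENTS:
            findings.append(f"element <{name}>")
        for attr, value in attrs.items():
            if local(attr).startswith("on"):
                findings.append(f"event handler {attr}")
            # Fold case and drop whitespace so ' JavaScript:' still matches.
            scheme = "".join(value.split()).lower()
            if local(attr) == "href" and scheme.startswith("javascript:"):
                findings.append(f"script URL in {attr}")

    def doctype(name, system_id, public_id, has_internal_subset):
        if has_internal_subset:  # entity definitions can hide markup from scanners
            findings.append("DOCTYPE with internal subset")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings

if __name__ == "__main__":  # usage: python svg_scan.py /path/to/wp-content/uploads
    for path in pathlib.Path(sys.argv[1]).rglob("*.svg"):
        for finding in svg_findings(path.read_bytes()):
            print(f"{path}: {finding}")
```

Any file it reports should be reviewed and removed or re-encoded after the plugin is updated, since a stored payload stays in the uploads directory once it has been written.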