CVE-2024-10678

Published Dec 13, 2024

Last updated 2 months ago

CVSS medium 5.4

Overview

Description
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Source
contact@wpscan.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10678 (Published: 2024-12-13) - A medium severity vulnerability in Ultimate Blocks. Affects multiple versions. 🛠️ Remediation: Update to the latest version to mitigate risks. For more details, visit: https://t.co/LnpvgOaIrP #CyberSecurity #VulnerabilityAlert

    @transilienceai

    17 Dec 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10678 (Published: 2024-12-13) - A medium severity vulnerability affects Ultimate Blocks. Ensure you're using the latest version to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/LnpvgOaIrP #CyberSecurity #VulnerabilityAlert

    @transilienceai

    17 Dec 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔒 CVE-2024-10678 (Published: 2024-12-13) affects Ultimate Blocks. This medium-severity vulnerability impacts specific versions. To safeguard your site, ensure you update to the latest version immediately. Stay secure! More info: https://t.co/LnpvgOaIrP #CyberSecurity #WordPress

    @transilienceai

    17 Dec 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10678 (Published: 2024-12-13) - A medium severity vulnerability in Ultimate Blocks. Affects multiple versions. Remediation: Update to the latest version to mitigate risks. Stay secure! 🔒 More info: https://t.co/LnpvgOaIrP #CyberSecurity #VulnerabilityAlert

    @transilienceai

    17 Dec 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2024-10678 (Published: 2024-12-13) - Medium severity vulnerability in Ultimate Blocks. Affects specific versions. 🛡️ Remediation is crucial! Check out the details and ensure your site is secure: https://t.co/LnpvgOaIrP #CyberSecurity #VulnerabilityAlert

    @transilienceai

    17 Dec 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-10678 The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block i… https://t.co/r7tNDL5Rd3

    @CVEnew

    13 Dec 2024

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-10678 Stored XSS Vulnerability in Ultimate Blocks WordPress Plugin Pre-3.2.4 The Ultimate Blocks WordPress plugin, in versions before 3.2.4, doesn't properly check and secure certain block options. These... https://t.co/sYX2oaCnzX

    @VulmonFeeds

    13 Dec 2024

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References