CVE-2024-2729: Otter Blocks < 2.6.6 - Contributor+ Stored XSS
First published: Thu Apr 18 2024(Updated: )
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otter Blocks | <2.6.6 | |
| Otter Blocks | <2.6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-2729?
CVE-2024-2729 has been rated as a medium severity vulnerability due to potential Stored XSS attacks.
How do I fix CVE-2024-2729?
To fix CVE-2024-2729, update the Otter Blocks plugin to version 2.6.6 or later to ensure proper escaping of attributes.
Who is affected by CVE-2024-2729?
Anyone using Otter Blocks WordPress plugin versions prior to 2.6.6 is affected by CVE-2024-2729.
What type of vulnerability is CVE-2024-2729?
CVE-2024-2729 is classified as a Stored Cross-Site Scripting (XSS) vulnerability.
What are the risks associated with CVE-2024-2729?
The risks of CVE-2024-2729 include unauthorized access and potential data theft through the exploitation of Stored XSS attacks.
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup-request
- vendor/themeisle
- canonical/otter blocks
- vendor/otter blocks