Stored XSS Vulnerability in Gutenberg Blocks by Kadence WP Plugin
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress has a Stored Cross-Site Scripting vulnerability. This affects all versions up to and including 3.4.2. The problem is due to insufficient input sanitization and output escaping in the button block link. An authenticated attacker with Contributor-level access or higher can inject web scripts into pages. These scripts run whenever someone visits an injected page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
britner gutenberg blocks with ai by kadence wp – page builder features |