CVE-2024-2761

{"id": "CVE-2024-2761", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2024-04-19T05:15:49.907", "references": [{"url": "https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks."}, {"lang": "es", "value": "El complemento Genesis Blocks de WordPress anterior a 3.1.3 no escapa adecuadamente a la entrada de datos proporcionada a algunos de sus bloques, lo que permite su uso con al menos privilegios de colaborador para realizar ataques XSS almacenados."}], "lastModified": "2025-05-30T16:00:15.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpengine:genesis_blocks:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7A181AC0-885B-4E84-821B-6A9F47E8E091", "versionEndExcluding": "3.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}