CVE-2024-0598
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.
We have discovered 9,734 live websites that are affected by CVE-2024-0598.
Affected Software
| Product |  Kadence Blocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 9,734 live websites (15.07% of Kadence Blocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 242 versions ( 80.94% of all versions) |
Details
- Published - Apr 9, 2024
- Updated - Aug 1, 2024
Credits
- Akbar Kustirama (finder)
CVE References
CVE-2024-0598 usage by Country
 United States | 3,276 websites |
 Germany | 1,166 websites |
 France | 695 websites |
 GB | 419 websites |
 Poland | 405 websites |
 Japan | 337 websites |
 Russia | 286 websites |
 Netherlands | 265 websites |
 Spain | 227 websites |
 Italy | 202 websites |
CVE-2024-0598 usage by TLD
| .com | 4,258 websites |
| .de | 613 websites |
| .org | 443 websites |
| .fr | 335 websites |
| .pl | 310 websites |
| .co.uk | 274 websites |
| .ru | 270 websites |
| .nl | 259 websites |
| .net | 252 websites |
| .com.au | 160 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-0598
Top websites that are affected by CVE-2024-0598. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| *******.cz |  Czech Republic | *,*** | |
| *********.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ******.org |  Bulgaria | **,*** | |
| ***.sk |  Slovakia | **,*** |
FAQ
A total of 9,734 websites have been identified as vulnerable to CVE-2024-0598, discovered through global website indexing conducted by WebTechSurvey.
Kadence Blocks is susceptible to CVE-2024-0598 vulnerability.
Kadence Blocks versions before, and including, 3.2.17 are vulnerable to CVE-2024-0598.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=cve
- https://advisory.abay.sh/cve-2024-0598
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023068%40kadence-blocks&new=3023068%40kadence-blocks&sfp_email=&sfph_mail=