CVE-2024-2369
Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSSThe Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
We have discovered 151,368 live websites that are affected by CVE-2024-2369.
Affected Software
| Product |  GoDaddy CoBlocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 151,368 live websites (70% of GoDaddy CoBlocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 82 versions ( 89% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Apr 2, 2024
- Updated - Oct 31, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-2369 United States | 125,941 websites |
 GB | 4,892 websites |
 Germany | 3,151 websites |
 Canada | 2,816 websites |
 France | 2,136 websites |
 Italy | 1,252 websites |
 Australia | 1,170 websites |
 Netherlands | 1,142 websites |
 Spain | 834 websites |
 Switzerland | 663 websites |
Website Distribution by TLD
Number of websites using CVE-2024-2369| .com | 108,629 websites |
| .org | 11,752 websites |
| .net | 5,027 websites |
| .co.uk | 2,615 websites |
| .ca | 1,961 websites |
| .fr | 1,212 websites |
| .de | 920 websites |
| .nl | 775 websites |
| .com.au | 696 websites |
| .ch | 523 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2369
Top websites that are affected by CVE-2024-2369. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | ** | |
| **********.com | United States | *** | |
| ********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ****************.com | Canada | *,*** | |
| *****************.org | United States | *,*** | |
| ****.********.com | United States | *,*** | |
| *************.com | United States | **,*** |
FAQ
CVE-2024-2369 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GoDaddy CoBlocks
A total of 151,368 websites have been identified as vulnerable to CVE-2024-2369, based on global website indexing conducted by WebTechSurvey.
The GoDaddy CoBlocks is affected by the CVE-2024-2369 vulnerability.
GoDaddy CoBlocks versions up to 3.1.7 are vulnerable to CVE-2024-2369.
CVE-2024-2369 is resolved in version 3.1.7 of GoDaddy CoBlocks.