CVE-2024-4042

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


We have discovered 1 live website that is affected by CVE-2024-4042.





Affected Software

Product  Post Grid
Category  WordPress Plugins
Vulnerable Domains  1 live website (0.96% of Post Grid install base)
Vulnerable Versions
  • from 0 through 2.2.80
Vulnerable Versions Count  1 version (2.00% of all versions)



Details

  • Published - Jun 7, 2024
  • Updated - Aug 1, 2024

Credits

  • Matthew Rollings (finder)

CVE-2024-4042 usage by Country

United States  1 website

CVE-2024-4042 usage by TLD

.com  1 website


Websites affected by CVE-2024-4042

Top websites that are affected by CVE-2024-4042.
Domain      Country        Rank        Contacts
******.com  United States  **,***,***

FAQ

A total of 1 website has been identified as vulnerable to CVE-2024-4042, discovered through global website indexing conducted by WebTechSurvey.
Post Grid is susceptible to the CVE-2024-4042 vulnerability.
Post Grid versions up to and including 2.2.80 are vulnerable to CVE-2024-4042.