CVE-2024-4209
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown TimerThe Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 13,586 live websites that are affected by CVE-2024-4209.
Affected Software
| Product |  Kadence Blocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 13,586 live websites (21.03% of Kadence Blocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 261 versions ( 87.29% of all versions) |
Details
- Published - May 11, 2024
- Updated - Aug 1, 2024
Credits
- Craig Smith (finder)
CVE References
CVE-2024-4209 usage by Country
 United States | 5,260 websites |
 Germany | 1,557 websites |
 France | 871 websites |
 GB | 569 websites |
 Poland | 563 websites |
 Japan | 369 websites |
 Russia | 369 websites |
 Netherlands | 341 websites |
 Spain | 284 websites |
 Italy | 243 websites |
CVE-2024-4209 usage by TLD
| .com | 6,246 websites |
| .de | 805 websites |
| .org | 704 websites |
| .pl | 434 websites |
| .fr | 416 websites |
| .net | 411 websites |
| .co.uk | 370 websites |
| .ru | 342 websites |
| .nl | 336 websites |
| .com.au | 211 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4209
Top websites that are affected by CVE-2024-4209. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| *******.cz |  Czech Republic | *,*** | |
| *********.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| *******************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ******.org |  Bulgaria | **,*** |
FAQ
A total of 13,586 websites have been identified as vulnerable to CVE-2024-4209, discovered through global website indexing conducted by WebTechSurvey.
Kadence Blocks is susceptible to CVE-2024-4209 vulnerability.
Kadence Blocks versions before, and including, 3.2.36 are vulnerable to CVE-2024-4209.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/cff2e5be-0de0-4e62-a881-6156760b7d99?source=cve
- https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/blocks/class-kadence-blocks-countdown-block.php
- https://plugins.trac.wordpress.org/changeset/3083616/kadence-blocks/trunk/dist/blocks-countdown.js