CVE-2024-4366

Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


We have discovered 7,532 live websites that are affected by CVE-2024-4366.

Affected Software

Product: Spectra
Category: WordPress Plugins
Vulnerable Domains: 7,532 live websites (13.29% of Spectra install base)
Vulnerable Versions:
  • from 0 through 2.13
Vulnerable Versions Count: 140 versions (82.84% of all versions)



Details

  • Published - May 24, 2024
  • Updated - Aug 1, 2024

Credits

  • Ngô Thiên An (finder)

CVE-2024-4366 usage by Country

  • United States: 2,907 websites
  • Germany: 892 websites
  • France: 553 websites
  • Cyprus: 303 websites
  • GB: 255 websites
  • Poland: 218 websites
  • Spain: 217 websites
  • Netherlands: 154 websites
  • Russia: 143 websites
  • Italy: 117 websites

CVE-2024-4366 usage by TLD

  • .com: 3,380 websites
  • .de: 419 websites
  • .org: 399 websites
  • .net: 218 websites
  • .fr: 194 websites
  • .co.uk: 194 websites
  • .pl: 178 websites
  • .nl: 150 websites
  • .com.br: 150 websites
  • .es: 125 websites

Websites affected by CVE-2024-4366

Top websites that are affected by CVE-2024-4366.

FAQ

A total of 7,532 websites have been identified as vulnerable to CVE-2024-4366, discovered through global website indexing conducted by WebTechSurvey.
Spectra is susceptible to the CVE-2024-4366 vulnerability.
Spectra versions before, and including, 2.13 are vulnerable to CVE-2024-4366.