CVE-2024-7132
CoBlocks < 3.1.13 - Editor+ Stored XSSThe Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
We have discovered 279,937 live websites that are affected by CVE-2024-7132.
Affected Software
| Product |  GoDaddy CoBlocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 279,937 live websites (81.72% of GoDaddy CoBlocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 125 versions ( 97.66% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Aug 29, 2024
- Updated - Aug 29, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-7132 usage by Country
 United States | 271,059 websites |
 Germany | 1,943 websites |
 GB | 1,343 websites |
 France | 513 websites |
 Japan | 476 websites |
 Netherlands | 436 websites |
 Switzerland | 320 websites |
 Canada | 286 websites |
 Italy | 260 websites |
 Australia | 245 websites |
CVE-2024-7132 usage by TLD
| .com | 205,035 websites |
| .org | 20,991 websites |
| .net | 9,699 websites |
| .co.uk | 4,245 websites |
| .ca | 3,121 websites |
| .fr | 1,732 websites |
| .de | 1,569 websites |
| .nl | 1,260 websites |
| .com.au | 1,201 websites |
| .ch | 862 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-7132
Top websites that are affected by CVE-2024-7132. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | ** | |
| ********.*********.com | United States | ** | |
| **********.com | United States | *** | |
| ********.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ********.org | United States | *,*** | |
| ****************.com | United States | *,*** |
FAQ
CVE-2024-7132 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GoDaddy CoBlocks
A total of 279,937 websites have been identified as vulnerable to CVE-2024-7132, discovered through global website indexing conducted by WebTechSurvey.
GoDaddy CoBlocks is susceptible to CVE-2024-7132 vulnerability.
GoDaddy CoBlocks versions before 3.1.13 are vulnerable to CVE-2024-7132.
Version 3.1.13 of GoDaddy CoBlocks addresses the CVE-2024-7132 security vulnerability.