The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
We have discovered 1,394 live websites that are affected by CVE-2024-8536.
Product | Ultimate Blocks |
Category | Wordpress Plugins |
Vulnerable Versions |
|
Vulnerable Versions Count | 59 versions ( 79.73% of all versions) |
Vulnerable Domains | 1,394 live websites (91.05% of Ultimate Blocks install base) |
United States | 748 websites |
Germany | 172 websites |
France | 57 websites |
GB | 53 websites |
Poland | 29 websites |
Netherlands | 22 websites |
Canada | 20 websites |
Russia | 17 websites |
Sweden | 16 websites |
Bulgaria | 14 websites |
.com | 605 websites |
.org | 134 websites |
.de | 107 websites |
.ca | 41 websites |
.net | 41 websites |
.co.uk | 40 websites |
.fr | 23 websites |
.pl | 22 websites |
.edu | 21 websites |
.com.au | 19 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
**********.com | United States | **,*** | |
***.com | Poland | **,*** | |
********.edu | United States | **,*** | |
*********.com | United States | **,*** | |
***********.com | United States | **,*** | |
*******.*******.edu | United States | **,*** | |
***********.org | United States | **,*** | |
*******.com | United States | **,*** | |
**********.io | Hungary | **,*** | |
***********.com | United States | **,*** |
FAQ