CVE-2024-8536

Ultimate Blocks < 3.2.2 - Contributor+ Stored XSS

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.


We have discovered 1,394 live websites that are affected by CVE-2024-8536.





Affected Software

Product: Ultimate Blocks
Category: WordPress Plugins
Vulnerable Versions:
  • from 0 before 3.2.2
Vulnerable Versions Count: 59 versions (79.73% of all versions)
Vulnerable Domains: 1,394 live websites (91.05% of Ultimate Blocks install base)


Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Sep 30, 2024
  • Updated - Oct 1, 2024

Credits

  • Dmitrii Ignatyev (finder)
  • WPScan (coordinator)

CVE-2024-8536 usage by Country

  • United States: 748 websites
  • Germany: 172 websites
  • France: 57 websites
  • GB: 53 websites
  • Poland: 29 websites
  • Netherlands: 22 websites
  • Canada: 20 websites
  • Russia: 17 websites
  • Sweden: 16 websites
  • Bulgaria: 14 websites

CVE-2024-8536 usage by TLD

  • .com: 605 websites
  • .org: 134 websites
  • .de: 107 websites
  • .ca: 41 websites
  • .net: 41 websites
  • .co.uk: 40 websites
  • .fr: 23 websites
  • .pl: 22 websites
  • .edu: 21 websites
  • .com.au: 19 websites


FAQ

CVE-2024-8536 is an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks.
A total of 1,394 websites have been identified as vulnerable to CVE-2024-8536, discovered through global website indexing conducted by WebTechSurvey.
Ultimate Blocks is susceptible to the CVE-2024-8536 vulnerability.
Ultimate Blocks versions before 3.2.2 are vulnerable to CVE-2024-8536.
Version 3.2.2 of Ultimate Blocks addresses the CVE-2024-8536 security vulnerability.