Author: Dmitrii I

In the ever-evolving landscape of web security, vulnerabilities in popular plugins can have widespread and severe consequences. A recent vulnerability, identified as CVE-2024-4057, has been discovered in the Gutenberg Blocks by Kadence Blocks plugin, a widely used tool with over 400,000 active installations. This critical-high vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to admin account creation and potentially compromising the entire website.

In today’s digital age, security vulnerabilities in web applications can lead to severe consequences, including unauthorized access, data breaches, and loss of trust. One such critical vulnerability is the Stored Cross-Site Scripting (XSS) attack. This article explores a newly discovered Stored XSS vulnerability in the “Button Contact VR” WordPress plugin, identified as CVE-2024-2220. This flaw can allow attackers to embed malicious scripts, creating backdoors for account takeover, posing significant risks to website integrity and user data. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

In a recent security assessment, a critical vulnerability, CVE-2024-4372, was discovered within the Carousel Slider WordPress plugin. This flaw exposes an alarming risk of Stored Cross-Site Scripting (XSS), paving the way for unauthorized access and potential website compromise. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

A critical security vulnerability, CVE-2024-2189, has been identified in the Social Icons Widget & Block WordPress plugin, which boasts over 100k installations. This vulnerability exposes websites to the risk of Stored Cross-Site Scripting (XSS) attacks, potentially leading to account takeover and compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

A critical vulnerability, CVE-2024-2744, has been discovered in NextGen Gallery, a popular WordPress plugin with over 500 000+ installations. This flaw exposes websites to the risk of Stored XSS attacks, potentially leading to account takeover and compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

A critical vulnerability has emerged in Shortcodes Ultimate – CVE-2024-3548. With over 600k installations, this exploit poses a significant threat to WordPress sites. Let’s delve into the intricacies of this Stored XSS flaw and its potential repercussions.

WordPress users beware! CVE-2024-3241 looms over Ultimate Blocks, exposing a Stored XSS vulnerability that enables admin account creation. This threat, originating from a seemingly harmless plugin, demands immediate attention to safeguard your website’s integrity.

A critical security flaw has been discovered in the widely-used WordPress plugin, All in One SEO with more then 3 millions installations, marked as CVE-2024-3368. This vulnerability poses a significant threat, allowing attackers to execute malicious code through Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of admin accounts by contributors.