cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forgenesis-blocks genesis-blocks

Direction: ascending
Jun 07, 2024

Genesis Blocks # CVE-2024-2761

CVE, Research URL

CVE-2024-2761

Home page URL

Security reports for Genesis Blocks

Application

Genesis Blocks

Date
Apr 19, 2024
Research Description
The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
Affected versions
Min -, max -.
Status
vulnerable

Genesis Blocks # CVE-2024-1946

CVE, Research URL

CVE-2024-1946

Home page URL

Security reports for Genesis Blocks

Application

Genesis Blocks

Date
Apr 02, 2024
Research Description
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Jul 10, 2024

Genesis Blocks # CVE-2024-3563

CVE, Research URL

CVE-2024-3563

Home page URL

Security reports for Genesis Blocks

Application

Genesis Blocks

Date
Jul 09, 2024
Research Description
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
May 19, 2025

Genesis Blocks # CVE-2024-3901

CVE, Research URL

CVE-2024-3901

Home page URL

Security reports for Genesis Blocks

Application

Genesis Blocks

Date
May 16, 2025
Research Description
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
Affected versions
Min -, max -.
Status
vulnerable