cleantalk
Vulnerabilities and Security Researches

Nova Blocks by Pixelgrade, CVE-2024-8241

CVE, Research URL

CVE-2024-8241

Home page URL

Security reports for Nova Blocks by Pixelgrade

Application

Nova Blocks by Pixelgrade

Published on
Sep 10, 2024
Research Description
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.1.8.
Status
vulnerable
Previous vulnerability researches
Nova Blocks by Pixelgrade (CVE-2024-8241) , Sep 11, 2024
Nova Blocks by Pixelgrade (CVE-2025-31819) , Apr 04, 2025
New vulnerability
Themify Shortcodes (CVE-2025-39581) , Apr 18, 2025
Asgaros Forum (CVE-2025-39514) , Apr 18, 2025
Total processing card payments for WooCommerce (CVE-2025-32513) , Apr 18, 2025
WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms (CVE-2025-39560) , Apr 18, 2025
CRUDLab Scroll to Top (CVE-2025-22774) , Apr 18, 2025