cleantalk
Vulnerabilities and Security Researches

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE, CVE-2024-2729

CVE, Research URL

CVE-2024-2729

Home page URL

Security reports for Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Application

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Published on
Apr 18, 2024
Research Description
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.
Affected versions
Min -, max 2.6.6.
Status
vulnerable
Previous vulnerability researches
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE (CVE-2024-3343) , Jun 07, 2024
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE (CVE-2024-2729) , Jun 07, 2024
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE (CVE-2024-3725) , Jun 07, 2024
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE (CVE-2023-2288) , Jun 07, 2024
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE (CVE-2024-2226) , Jun 07, 2024
New vulnerability
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Testimonial (CVE-2025-49410) , Aug 23, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2025-8607) , Aug 23, 2025