cleantalk
Vulnerabilities and Security Researches

Ultimate Blocks – WordPress Blocks Plugin, CVE-2024-10678

CVE, Research URL

CVE-2024-10678

Home page URL

Security reports for Ultimate Blocks – WordPress Blocks Plugin

Application

Ultimate Blocks – WordPress Blocks Plugin

Published on
Dec 13, 2024
Research Description
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 3.2.4.
Status
vulnerable
Previous vulnerability researches
Ultimate Blocks – WordPress Blocks Plugin (CVE-2025-1312) , Mar 27, 2025
Ultimate Blocks – WordPress Blocks Plugin (CVE-2024-6362) , Jul 31, 2024
Ultimate Blocks – WordPress Blocks Plugin (CVE-2022-4974) , Nov 15, 2024
Ultimate Blocks – WordPress Blocks Plugin (CVE-2025-31077) , Apr 02, 2025
Ultimate Blocks – WordPress Blocks Plugin (CVE-2024-4655) , Jul 03, 2024
New vulnerability
MediaView (CVE-2025-31898) , Apr 05, 2025
Product Filter by WBW (CVE-2025-2317) , Apr 05, 2025
Widget Manager Light (CVE-2025-31768) , Apr 05, 2025
Residential Address Detection (CVE-2025-30916) , Apr 05, 2025
SWM – Shopify to WooCommerce Migration (CVE-2025-31795) , Apr 05, 2025