cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1684,https://securityvulnerability.io/vulnerability/CVE-2024-1684,Stored Cross-Site Scripting Vulnerability in Otter Blocks Plugin for WordPress,"The Otter Blocks plugin for WordPress allows authenticated attackers with contributor access and higher to exploit a stored cross-site scripting vulnerability. This is due to inadequate input sanitization and output escaping in the contact form file field's CSS metabox across all versions up to and including 2.6.3. Attackers can inject arbitrary web scripts into the pages, which execute when users access the affected pages, leading to potential data theft or site compromise.",Wordpress,"Otter Blocks Pro – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:05.116Z,0
CVE-2024-1691,https://securityvulnerability.io/vulnerability/CVE-2024-1691,Stored Cross-Site Scripting in Otter Blocks Plug-in for WordPress,"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit a stored cross-site scripting flaw via an insecure file upload form. This issue arises from insufficient input sanitization and output escaping, specifically when handling SVG file uploads. Attackers can inject malicious scripts into pages, which will execute whenever a user visits the compromised page. While version 2.6.4 addresses this issue by sanitizing uploaded SVG files, earlier versions remain vulnerable.",Wordpress,"Otter Blocks Pro – Gutenberg Blocks, Page Builder For Gutenberg Editor & Fse",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:57.917Z,0