CVE-2024-12045: 
WordPress vulnerability analysis and mitigation

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-12045) discovered in January 2025. The vulnerability affects all versions up to and including 5.0.9, specifically in the maker title value of the Google Maps block component (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue due to insufficient input sanitization and output escaping in the Google Maps block component. The CVSS v3.1 base score is 4.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N, indicating a network-accessible vulnerability requiring high privileges and complex attack conditions (NVD).

The vulnerability allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page. The impact is specifically limited to multi-site installations and installations where unfiltered_html has been disabled (NVD).

A fix has been released in version 5.1.1 of the Essential Blocks plugin. Users are advised to update to this latest version to mitigate the vulnerability (WordPress Plugins).