CVE-2024-1946: 
WordPress vulnerability analysis and mitigation

The Genesis Blocks plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-1946) in versions up to and including 3.1.2. The vulnerability exists due to insufficient input sanitization and output escaping in the block content functionality (NVD).

The vulnerability stems from improper input sanitization and output escaping in the block content feature. This security flaw allows authenticated users with contributor-level access or higher to inject arbitrary web scripts into pages. The injected scripts will execute whenever a user accesses the affected page. The vulnerability has been assigned a CVSS v3.1 base score of 6.4 (Medium) with the vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (NVD).

When exploited, this vulnerability allows authenticated attackers to inject malicious web scripts into pages. These scripts will execute in the context of other users' browsers when they visit the compromised pages, potentially leading to session hijacking, credential theft, or other client-side attacks (NVD).

Site administrators should update the Genesis Blocks plugin to a version newer than 3.1.2 as soon as possible. Additionally, it's recommended to review user roles and permissions to ensure only trusted users have contributor or higher access levels (NVD).