CVE-2024-43335: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks plugin, affecting versions through 1.8.8. The vulnerability was reported on May 9, 2024, by security researcher 4rCanJ0x! and was publicly disclosed on August 16, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a slightly higher CVSS score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows attackers to inject malicious scripts, which could lead to redirects, unauthorized advertisements, and execution of other HTML payloads when visitors access the affected website. The attack requires user interaction and has the potential to impact both confidentiality and integrity of the system (Patchstack).

Users are advised to update to version 1.8.9 or later of the Responsive Blocks plugin to remediate this vulnerability. The issue has been fixed in version 1.8.9, and the update is considered a low-priority patch (Patchstack).