CVE-2024-56245: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was identified in Leap13 Premium Blocks – Gutenberg Blocks for WordPress, tracked as CVE-2024-56245. The vulnerability was discovered by João Pedro Soares de Alcântara and affects versions through 2.1.42. The issue was reported on November 20, 2024, and publicly disclosed on December 30, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It received a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires Contributor-level privileges to exploit (Patchstack, NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

The vulnerability has been patched in version 2.1.43 of the Premium Blocks – Gutenberg Blocks plugin. Users are advised to update to version 2.1.43 or later to remediate the vulnerability (Patchstack).