CVE-2024-4268
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37457 may be a duplicate of this issue.
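An added audit example (not code from the plugin or from this advisory) for sites that ran versions up to 3.1.9: it decodes the block attributes stored in post content and lists string values that look like markup breakout, so an editor can review them. The `ub` namespace, the block and attribute names in the sample, and the pattern list are assumptions; check the namespace against the installed plugin.

```python
import json
import re

# The block editor stores each block in post_content as an HTML comment:
#   <!-- wp:namespace/name {"attr": "value"} -->   (or ending in "/-->")
BLOCK_RE = re.compile(r"<!--\s+wp:([a-z0-9-]+)/([a-z0-9-]+)\s+(\{.*?\})\s+/?-->", re.S)

# Heuristics for values that try to leave a text or URL context (assumed list, tune per site).
SUSPICIOUS = re.compile(
    r"<\s*(script|iframe|svg|img|object|embed)\b|\bon[a-z]{3,}\s*=|javascript\s*:|[\"']\s*>",
    re.I,
)

def walk_strings(value, path=""):
    """Yield (path, string) for every string nested in a decoded attribute object."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from walk_strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk_strings(item, f"{path}[{index}]")

def audit_post(post_content, namespace="ub"):
    """Return (block, attribute path, decoded value) for each suspicious attribute."""
    findings = []
    for ns, name, raw in BLOCK_RE.findall(post_content):
        if ns != namespace:
            continue
        try:
            # Quotes and angle brackets are stored as \u0022, \u003c, ... so a plain
            # text search of post_content misses them; decode the JSON first.
            attrs = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((f"{ns}/{name}", "<unparseable>", raw))
            continue
        for path, text in walk_strings(attrs):
            if SUSPICIOUS.search(text):
                findings.append((f"{ns}/{name}", path, text))
    return findings

# Constructed sample content; block and attribute names are hypothetical.
SAMPLE = (
    '<!-- wp:ub/divider {"borderColor":"#cccccc"} /-->\n'
    '<!-- wp:ub/button {"url":"https://example.com",'
    '"label":"x\\u0022 onmouseover=\\u0022alert(1)"} /-->\n'
)
```

Run `audit_post` over each row of `wp_posts.post_content` (including revisions) and review the findings alongside the post author's role.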
<p><a href="https://ultimateblocks.com/pricing/" rel="nofollow ugc">Get Pro</a> | <a href="https://ultimateblocks.com/docs/" rel="nofollow ugc">Documentation</a></p>
<p>Ultimate Blocks is a free powerhouse for bloggers and content marketers using WordPress. It’s not just a plugin, it’s a toolkit to skyrocket user engagement and simplify content creation.</p>
<p>With Ultimate Blocks, you’re not just adding functionalities; you’re crafting experiences.</p>
<p>From interactive content filters, captivating call-to-actions, to social sharing made effortless, every block is a step towards a more engaging and visually appealing website.</p>
<p>It’s about making every visit count, every interaction memorable, and every content piece a breeze to create and manage.</p>
<p>Transform your WordPress journey; let Ultimate Blocks be the catalyst for your website’s success.</p>
<p>Ultimate Blocks currently includes the following blocks:</p>
<ul>
<li>Coupon (Available in Pro) – <a href="https://ultimateblocks.com/coupon-block/" rel="nofollow ugc">View Demo</a></li>
<li>Timeline (Available in Pro) – <a href="https://ultimateblocks.com/timeline-block" rel="nofollow ugc">View Demo</a></li>
<li>Content Filter – <a href="https://ultimateblocks.com/content-filter-block/" rel="nofollow ugc">View Demo</a></li>
<li>Review (Schema Markup Enabled) – <a href="https://ultimateblocks.com/schema-review-block/" rel="nofollow ugc">View Demo</a></li>
<li>HowTo Schema – <a href="https://ultimateblocks.com/howto-schema-block/" rel="nofollow ugc">View Demo</a></li>
<li>Table of Contents – <a href="https://ultimateblocks.com/table-of-contents-block/" rel="nofollow ugc">View Demo</a></li>
<li>Tabbed Content – <a href="https://ultimateblocks.com/tabbed-content-block/" rel="nofollow ugc">View Demo</a></li>
<li>Call to Action – <a href="https://ultimateblocks.com/call-to-action-block/" rel="nofollow ugc">View Demo</a></li>
<li>Content Toggle (Accordion) – <a href="https://ultimateblocks.com/content-toggle-accordion-block/" rel="nofollow ugc">View Demo</a></li>
<li>Styled Box – <a href="https://ultimateblocks.com/styled-box-block/" rel="nofollow ugc">View Demo</a></li>
<li>Styled List – <a href="https://ultimateblocks.com/styled-list-block/" rel="nofollow ugc">View Demo</a></li>
<li>Expand – <a href="https://ultimateblocks.com/expand-block/" rel="nofollow ugc">View Demo</a></li>
<li>Testimonial – <a href="https://ultimateblocks.com/testimonial-block/" rel="nofollow ugc">View Demo</a></li>
<li>Click to Tweet – <a href="https://ultimateblocks.com/click-to-tweet-block/" rel="nofollow ugc">View Demo</a></li>
<li>Social Share – <a href="https://ultimateblocks.com/social-share-block/" rel="nofollow ugc">View Demo</a></li>
<li>Countdown – <a href="https://ultimateblocks.com/countdown-block/" rel="nofollow ugc">View Demo</a></li>
<li>Progress Bar – <a href="https://ultimateblocks.com/progress-bar-block/" rel="nofollow ugc">View Demo</a></li>
<li>Post Grid – <a href="https://ultimateblocks.com/post-grid-block/" rel="nofollow ugc">View Demo</a></li>
<li>Star Rating – <a href="https://ultimateblocks.com/star-rating-block/" rel="nofollow ugc">View Demo</a></li>
<li>Image Slider – <a href="https://ultimateblocks.com/image-slider-block/" rel="nofollow ugc">View Demo</a></li>
<li>Button (Improved) – <a href="https://ultimateblocks.com/improved-button-block/" rel="nofollow ugc">View Demo</a></li>
<li>Divider – <a href="https://ultimateblocks.com/divider-block/" rel="nofollow ugc">View Demo</a></li>
</ul>
<p>We have more exciting blocks in the making. Have a suggestion? <a href="https://ultimateblocks.com/contact/" rel="nofollow ugc">Let us know</a>.</p>
<h3>Join Us To Get Updates and Resources</h3>
<ul>
<li><a href="https://ultimateblocks.com?utm_medium=wp.org&utm_source=wordpressorg&utm_campaign=readme&utm_content=ultimateblocks" rel="nofollow ugc">Visit Ultimate Blocks Website</a></li>
<li><a href="http://twitter.com/Ultimate_Blocks" rel="nofollow ugc">Follow Us on Twitter</a></li>
<li><a href="https://ultimateblocks.com/community/" rel="nofollow ugc">Join Our Support Community</a></li>
<li><a href="https://www.facebook.com/groups/ultimateblocks/" rel="nofollow ugc">Join Our Facebook Group</a></li>
</ul>
<h3>More Info About the Blocks</h3>
<p><strong>Content Filter</strong><br />
Content Filter lets your visitors filter the content based on different filters. You can let your users go through your content more easily.</p>
<p><strong>Review Block</strong><br />
Add a review block with product name, features, summary, button and star rating. It is Schema Markup enabled.</p>
<p><strong>HowTo Schema Block</strong><br />
Add HowTo Schema with sections, steps and valid schema data.</p>
<p><strong>Table of Contents Block</strong><br />
Generate a table of contents from your headings.</p>
<p><strong>Tabbed Content Block</strong><br />
Add content in tabs in your posts/pages. This comes with a nice drag and drop feature to sort the tabs.</p>
<p><strong>Call to Action Block</strong><br />
Add a nice call to action box with a button. Encourage users to take action, engage more. You can customize everything in the block.</p>
<p><strong>Content Toggle</strong><br />
Add content in accordions. Let visitors expand them to show the content.</p>
<p><strong>Styled Box Block</strong><br />
Add a styled box, such as a Notification box, Number box or Feature box, to your content. Three templates now, more in the making.</p>
<p><strong>Styled List Block</strong><br />
This block lets you add a styled list in your post or pages. Instead of bullets you can use various icons as your list style type. You can also choose color for icons.</p>
<p><strong>Expand Block</strong><br />
Expand Block lets you add expandable content. You can hide some part of your content initially. Upon clicking on ‘Show More’ it will show. It can be hidden again.</p>
<p><strong>Testimonial Block</strong><br />
Nice, simple testimonial box with option to add image, name, role of the testimonial author.</p>
<p><strong>Click to Tweet</strong><br />
Add tweetable content in your posts/pages.</p>
<p><strong>Social Share Block</strong><br />
Add social share buttons in your posts and pages with this block. It comes with lots of customization options too.</p>
<p><strong>Countdown Block</strong><br />
Add a countdown in your post/pages. Comes with three different styles.</p>
<p><strong>Progress Bar Block</strong><br />
Add a Circle/Line Progress bar with this block. Comes with options to change thickness and color.</p>
<p><strong>Post Grid Block</strong><br />
Add a list or grid of your posts. Comes with options to change categories, order and many more.</p>
<p><strong>Star Rating Block</strong><br />
Add Star ratings in your posts/pages. You can customize size, color and number of stars.</p>
<p><strong>Image Slider Block</strong><br />
Add a lightweight, simple image slider in your post. Comes with additional settings.</p>
<p><strong>Button Block</strong><br />
Button block with more customization options and controls.</p>
<p><strong>Divider Block</strong><br />
Add custom divider between your blocks. Customize the color, size, everything.</p>
<h3>Other tools from us</h3>
<p><a href="https://wordpress.org/plugins/tableberg/" rel="ugc">Tableberg</a>: The Best WordPress Block Table Plugin to create beautiful and responsive tables.</p>
<p><a href="https://wordpress.org/themes/groundwp/" rel="ugc">GroundWP</a>: Lightweight and Minimal Block Theme for efficient Full-Site Editing.</p>