How severe is CVE-2024-8760?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-8760?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-8760 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users.

Related Vulnerabilities

CVE-2014-8677

MEDIUM

CVSS:5.3(Medium)

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create ar...

CWE-942014

CVE-2015-5970

MEDIUM

CVSS:5.3(Medium)

The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed...

CWE-942015

CVE-2019-3652

MEDIUM

CVSS:5.3(Medium)

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code ...

CWE-942019

CVE-2022-0578

MEDIUM

CVSS:5.3(Medium)

Code Injection in GitHub repository publify/publify prior to 9.2.8.

CWE-942022

CVE-2023-39333

MEDIUM

CVSS:5.3(Medium)

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not ha...

CWE-942023

CVE-2023-43792

MEDIUM

CVSS:5.3(Medium)

baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions...

CWE-942023