XSS in Wpengine Genesis_blocks
CVE-2024-3901
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS a…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.005 (37.3th percentile)
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Wpengine Genesis_blocks
- Unknown Genesis Blocks — versions 0
Weakness classification (CWE)
References
- contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)
Frequently asked questions
- What is CVE-2024-3901?
- CVE-2024-3901 is a medium-severity vulnerability in Wpengine Genesis_blocks, classified under Cross-site Scripting. CVSS score: 6.8/10. Published 2025-05-15.
- How severe is CVE-2024-3901?
- Medium severity. CVSS v3 base score is 6.8 out of 10.