CVE-2024-50452
Stored XSS in POSIMYTH Nexter Blocks
Publication date: 2026-02-20
Last updated on: 2026-02-25
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| posimyth | nexter_blocks | to 3.3.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-50452 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Nexter Blocks Plugin versions up to and including 3.3.3.
This vulnerability occurs due to improper neutralization of input during web page generation, allowing an attacker to inject malicious scripts.
Exploitation requires a privileged user (with at least Contributor or Developer roles) to interact with a crafted malicious link, page, or form.
Once exploited, the attacker can execute malicious scripts such as redirects, advertisements, or other HTML payloads when site visitors access the affected pages.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Successful exploitation of this vulnerability can lead to execution of malicious scripts on your website, potentially redirecting visitors, displaying unwanted advertisements, or injecting harmful content.'}, {'type': 'paragraph', 'content': "This can degrade user trust, harm your website's reputation, and potentially expose users to further attacks."}, {'type': 'paragraph', 'content': 'However, the vulnerability is considered low priority with no impactful threat reported so far.'}, {'type': 'paragraph', 'content': 'To mitigate the risk, users should update the plugin to version 4.0.0 or later.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Cross Site Scripting (XSS) vulnerability involves identifying if your WordPress site is running the Nexter Blocks Plugin version 3.3.3 or earlier, which is known to be vulnerable.
You can check the installed plugin version using WordPress CLI commands or by inspecting the plugin details in the WordPress admin dashboard.
- Use the WP-CLI command to list installed plugins and their versions: wp plugin list
- Check specifically for the Nexter Blocks plugin version: wp plugin get the-plus-addons-for-block-editor --field=version
Additionally, monitoring for suspicious user actions by privileged users (Contributor or Developer roles) such as clicking unknown links or submitting unexpected forms could help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary and immediate mitigation step is to update the Nexter Blocks plugin to version 4.0.0 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': 'If immediate updating is not possible, restrict privileged user roles (Contributor or Developer) from interacting with untrusted content or links to reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': "Consider using automated update tools such as Patchstack's automated updates for vulnerable plugins to rapidly protect your site."}] [1]