CVE-2024-50452
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in POSIMYTH Nexter Blocks

Publication date: 2026-02-20

Last updated on: 2026-02-25

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through <= 3.3.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2024-50452
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
posimyth nexter_blocks to 3.3.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-50452 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Nexter Blocks Plugin versions up to and including 3.3.3.

This vulnerability occurs due to improper neutralization of input during web page generation, allowing an attacker to inject malicious scripts.

Exploitation requires a privileged user (with at least Contributor or Developer roles) to interact with a crafted malicious link, page, or form.

Once exploited, the attacker can execute malicious scripts such as redirects, advertisements, or other HTML payloads when site visitors access the affected pages.

Impact Analysis

[{'type': 'paragraph', 'content': 'Successful exploitation of this vulnerability can lead to execution of malicious scripts on your website, potentially redirecting visitors, displaying unwanted advertisements, or injecting harmful content.'}, {'type': 'paragraph', 'content': "This can degrade user trust, harm your website's reputation, and potentially expose users to further attacks."}, {'type': 'paragraph', 'content': 'However, the vulnerability is considered low priority with no impactful threat reported so far.'}, {'type': 'paragraph', 'content': 'To mitigate the risk, users should update the plugin to version 4.0.0 or later.'}] [1]

Compliance Impact

I don't know

Detection Guidance

Detection of this Cross Site Scripting (XSS) vulnerability involves identifying if your WordPress site is running the Nexter Blocks Plugin version 3.3.3 or earlier, which is known to be vulnerable.

You can check the installed plugin version using WordPress CLI commands or by inspecting the plugin details in the WordPress admin dashboard.

  • Use the WP-CLI command to list installed plugins and their versions: wp plugin list
  • Check specifically for the Nexter Blocks plugin version: wp plugin get the-plus-addons-for-block-editor --field=version

Additionally, monitoring for suspicious user actions by privileged users (Contributor or Developer roles) such as clicking unknown links or submitting unexpected forms could help detect exploitation attempts.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary and immediate mitigation step is to update the Nexter Blocks plugin to version 4.0.0 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': 'If immediate updating is not possible, restrict privileged user roles (Contributor or Developer) from interacting with untrusted content or links to reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': "Consider using automated update tools such as Patchstack's automated updates for vulnerable plugins to rapidly protect your site."}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-50452. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart