How severe is CVE-2024-11645?

CVE-2024-11645 has a CVSS v3 score of 4.8 (MEDIUM).

CVE-2024-11645

Name: float_block
Author: computy

4.8MEDIUM

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even

Published: 12/27/2024Updated: 6/12/2025

Description

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AI AnalysisPowered by AI

Affected Products

computyfloat_block

References

https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/
ExploitThird Party Advisory