cve/2024/CVE-2024-3901.md

### [CVE-2024-3901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3901)
![](https://img.shields.io/static/v1?label=Product&message=Genesis%20Blocks&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)

### Description

The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.

### POC

#### Reference
- https://wpscan.com/vulnerability/9502e1ac-346e-4431-90a6-61143d2df37b/

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-3901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3901)`
			`![](https://img.shields.io/static/v1?label=Product&message=Genesis%20Blocks&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)`

			`### Description`

			`The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/9502e1ac-346e-4431-90a6-61143d2df37b/`

			`#### Github`
			`No PoCs found on GitHub currently.`