From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Plugin Name: Gutenberg Blocks with AI by Kadence WP < 3.2.39 2. Vulnerability Type: Contributor+ Stored XSS 3. Description: The plugin does not properly validate or escape certain block options during output, allowing users with Contributor or higher roles to execute stored cross-site scripting attacks. 4. Proof of Concept: - Add a countdown block to a post. - In the block settings, scroll to "Countdown Layout". - Set the "Days Label" field to . - Save the post and preview. 5. Affected Plugin: kadence-blocks 6. Fix Status: Fixed in version 3.2.39. 7. References: - CVE - URL 8. Classification: - Type: XSS - OWASP TOP 10: A7: Cross-Site Scripting (XSS) - CWE: CWE-79 9. Additional Information: - Original Researcher: Dmitrii Ignatyev - Submitter: Dmitrii Ignatyev - Submitter Website: https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/ - Verified: Yes - WPVDB ID: 1768de0c-e4ea-4c98-abf1-7ac805f214b8 - Published Date: 2024-07-18 - Added Date: 2024-07-18 - Last Updated: 2024-07-18 10. Other Vulnerabilities: - Mhr Post Ticker < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting - Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting (XSS) - Click To Tweet <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting - ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS - Simple Site Verify < 1.0.8 - Admin+ Stored XSS This information provides a detailed description and resolution for the vulnerability, helping users understand and remediate the issue.