Security vulnerabilities in WordPress plugins can have a significant impact on the safety and functionality of the sites that run them. One such issue, assigned CVE-2024-6362, has been identified in the Ultimate Blocks plugin (versions before 3.2.0). It is a Stored Cross-Site Scripting (XSS) flaw: JavaScript placed in a block's attributes is saved with the post and executes in the browser of anyone who views the rendered page, and a script running in an administrator's session can, among other things, create a new administrator account.
CVE | CVE-2024-6362 |
Plugin | Ultimate Blocks < 3.2.0 |
Severity | High |
All-time downloads | 1 425 000 |
Active installations | 50 000+ |
Publicly Published | July 15, 2024 |
Last Updated | July 15, 2024 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) (2017 list; in the 2021 list XSS falls under A03: Injection) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6362 ; https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/ |
Plugin Security Certification by CleanTalk | |
Timeline
May 4, 2024 | Testing of the Ultimate Blocks plugin completed and the vulnerability identified |
May 4, 2024 | I contacted the plugin author and provided a PoC with a description of the issue and recommendations for fixing it |
July 15, 2024 | CVE-2024-6362 registered |
Discovery of the Vulnerability
During a routine security assessment of the Ultimate Blocks plugin, a Stored XSS vulnerability was discovered. Any user who can create a post (in a default WordPress installation that is a Contributor or higher) can place malicious markup in the attributes of the plugin's Post Grid block; the plugin stores the block as submitted and reproduces the markup unescaped whenever the post is rendered. Because the injected script runs with the privileges of whoever views the page, including an administrator who opens the post to review or publish it, the flaw can be leveraged to create an unauthorized administrator account and take control of the site.
Understanding Stored XSS Attacks
XSS vulnerabilities are among the most common security issues in web applications, WordPress included. They occur when an attacker is able to inject script into web pages viewed by other users. Stored (persistent) XSS is the more dangerous variant: the payload is saved on the server, here inside post content, and is served to every visitor of the affected page without any further action by the attacker. In WordPress this can lead to abuse of the victim's authenticated session, actions performed with the victim's privileges (the victim's cookies and nonces authorize requests to wp-admin, including creating users and installing plugins), and ultimately full administrative control of the site. Past incidents have used XSS in plugins to steal user data and escalate privileges in exactly this way.
Exploiting the Stored XSS Vulnerability
In this particular vulnerability, the injection point is the attribute set of the plugin's Post Grid block (ub/post-grid), and in particular the “postTitleTag” attribute. That attribute is meant to hold the name of the HTML element that wraps each post title (h2, h3 and so on). The PoC value img src=x onerror=alert(1) contains no angle brackets, which shows that the plugin supplies them itself when it builds the title element and does not check that the value is a valid tag name, so the attribute is rendered as a live <img> tag with an event handler. The “readMoreText” attribute carries a second payload of the same kind. The proof of concept is the block comment as submitted in a new post. The \" and \u003c / \u003e / \u0022 sequences are JSON escapes: block attributes are JSON inside an HTML comment, and escaping <, > and " this way lets them pass the HTML filtering WordPress applies to content submitted by low-privilege users, because the block parser only decodes them when the post is rendered.
POC:
<!-- wp:ub/post-grid {\"blockID\":\"a8c7dde7-b132-40a2-89ac-42425cef5e3a\",\"postImageWidth\":0,\"excerptLength\":24,\"readMoreText\":\"123\\u0022asdasd= '';asdasd='\\\\';\\u003c/style\\u003e\\u0026lt;img src=x onerror=alert(1)\\u0026gt;\\u003cimg src=x onerror=alert(1)\\u003e; alert( 555 );// \\u0022 ~!@#$%^\\u0026U*I(OP_+`1234~!@#$%^\\u0026*()_\",\"postLayout\":\"list\",\"columnGap\":\"30px\",\"postTitleTag\":\"img src=x onerror=alert(1)\"} /-->
The potential impact of this vulnerability is significant. If an administrator views a page on which the poisoned block renders, the injected script runs with that administrator's session and can do anything the administrator can do through wp-admin: create a new administrator account, modify content, install malicious plugins, or read sensitive information. This poses a serious risk to site owners and users, especially those managing critical business operations or personal data through their WordPress sites.
Recommendations for Improved Security
To mitigate this vulnerability, users of the Ultimate Blocks plugin should update to version 3.2.0 or later, where the issue has been addressed. For plugin developers, the fix pattern is to treat block attributes as untrusted user input: validate an attribute that selects a tag name against a fixed allow-list, and escape free-text attributes with esc_html() or esc_attr() at output time rather than trusting what was stored. Site administrators should additionally audit their plugins for security flaws, restrict user permissions to the minimum each role needs (in particular, review who holds Contributor and Author accounts), and keep all plugins and themes up to date. A web application firewall can block obvious payloads, but note that rules keyed on literal strings such as onerror= can be bypassed by the JSON-escaped form seen in the PoC, so a WAF is a supplement to patching, not a substitute.
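As an added example that is not code from Ultimate Blocks or from this page's author, the PHP below shows a simplified server-side render callback for a post-grid block in the vulnerable shape the advisory describes (attribute values written into HTML unchecked) beside a hardened version that allow-lists the tag name and escapes the label. Function names, the post array layout and the allow-list contents are hypothetical; the attribute names postTitleTag and readMoreText are the ones from the PoC. The shims approximate WordPress's esc_html(), esc_attr() and tag_escape() so the file runs stand-alone; inside WordPress the core functions are used instead.

```php
<?php
// Added example, not Ultimate Blocks' code. Runs with: php post-grid-example.php

// Shims so this file runs outside WordPress; inside WP the real functions exist.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'tag_escape' ) ) {
    // Same rule as WP core: keep only the characters matched by [a-zA-Z0-9-_:], then lowercase.
    function tag_escape( $tag_name ) {
        return strtolower( preg_replace( '/[^a-zA-Z0-9-_:]/', '', (string) $tag_name ) );
    }
}

// Vulnerable shape: the title tag and the "read more" label come from block
// attributes the post author controls and are written out as-is.
function render_post_grid_vulnerable( array $attrs, array $posts ) {
    $tag  = $attrs['postTitleTag'] ?? 'h2';
    $more = $attrs['readMoreText'] ?? 'Read more';
    $html = '<div class="ub-post-grid">';
    foreach ( $posts as $post ) {
        // "img src=x onerror=alert(1)" becomes a live <img> tag on this line.
        $html .= '<' . $tag . '>' . esc_html( $post['title'] ) . '</' . $tag . '>';
        // The label is free text but is concatenated without escaping.
        $html .= '<a href="' . esc_attr( $post['url'] ) . '">' . $more . '</a>';
    }
    return $html . '</div>';
}

// Hardened shape: a tag-name attribute is checked against a fixed allow-list
// and a free-text attribute is escaped at output time.
const POST_TITLE_TAGS = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'span' );

function sanitize_post_title_tag( $tag ) {
    // tag_escape() strips spaces and most punctuation, but it is not an
    // allow-list on its own (its character class still lets '=' and '<' through),
    // so the cleaned name is then compared against the fixed set.
    $tag = tag_escape( $tag );
    return in_array( $tag, POST_TITLE_TAGS, true ) ? $tag : 'h2'; // unknown name => safe default
}

function render_post_grid_hardened( array $attrs, array $posts ) {
    $tag  = sanitize_post_title_tag( $attrs['postTitleTag'] ?? 'h2' );
    $more = esc_html( $attrs['readMoreText'] ?? 'Read more' );
    $html = '<div class="ub-post-grid">';
    foreach ( $posts as $post ) {
        $html .= '<' . $tag . '>' . esc_html( $post['title'] ) . '</' . $tag . '>';
        $html .= '<a href="' . esc_attr( $post['url'] ) . '">' . $more . '</a>';
    }
    return $html . '</div>';
}

// Constructed input: the two attribute values from the PoC above as they look
// after the block parser has JSON-decoded them, plus one made-up post.
$poc_attrs = array(
    'postTitleTag' => 'img src=x onerror=alert(1)',
    'readMoreText' => '<img src=x onerror=alert(1)>',
);
$posts = array(
    array( 'title' => 'Hello world', 'url' => 'https://example.test/hello/' ),
);

echo "vulnerable: ", render_post_grid_vulnerable( $poc_attrs, $posts ), PHP_EOL;
echo "hardened:   ", render_post_grid_hardened( $poc_attrs, $posts ), PHP_EOL;
```

Running it prints the vulnerable output with two <img src=x onerror=alert(1)> elements (one where the title tag belongs, one inside the link), and the hardened output with the title wrapped in <h2> and the label shown as inert escaped text. In a real dynamic block the two render functions correspond to the render_callback passed to register_block_type(), which receives the decoded attributes as its first argument; the point is that those attributes are as untrusted as any form field, even though they were written by the block editor.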
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6362, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
ARTYOM K.