The popular Genesis Blocks plugin, a cornerstone for many WordPress sites, has recently been pinpointed as a vehicle for cybersecurity threats. With its wide usage across over 100,000 installations, the implications of this vulnerability are extensive and alarming.
CVE | CVE-2024-3901 |
Plugin | Genesis Blocks <= 3.1.3 |
Critical | High |
All Time | 1 526 000 |
Active installations | 100 000+ |
Publicly Published | July 15, 2024 |
Last Updated | July 15, 2024 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3901 https://wpscan.com/vulnerability/9502e1ac-346e-4431-90a6-61143d2df37b/ |
Plugin Security Certification by CleanTalk | |
Logo of the plugin |
Timeline
April 12, 2024 | Plugin testing and vulnerability detection in the Genesis Blocks have been completed |
April 12, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
July 15, 2024 | Registered CVE-2024-3901 |
Discovery of the Vulnerability
During routine security assessments, researchers uncovered a critical Stored Cross-Site Scripting (XSS) vulnerability tagged as CVE-2024-3901. This flaw can be exploited by attackers to perform unauthorized actions, potentially leading to administrative account creation and full system compromise.
Understanding of Stored XSS attack’s
Stored XSS attacks are particularly dangerous within WordPress because they allow attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal cookies, hijack sessions, or redirect victims to malicious websites. This type of vulnerability is notorious within web applications and has been exploited in numerous plugins, underscoring the need for rigorous input sanitization.
Exploiting the Stored XSS Vulnerability
The exploitation method involves inserting a malicious JavaScript code snippet into the “content” field of a new post using the Genesis Blocks plugin. The malicious code is executed when the post is viewed, leading to unauthorized actions being performed under the guise of a legitimate user.
POC:
You should create new Post. After creation you should put payload to “content” filed
<!-- wp:genesis-blocks/gb-sharing {\"clientId\":\"637f246b-cc4c-4af5-8fbd-bcbe40306498\",\"email\":true,\"shareButtonShape\":\"123\\u0022onmouseover='alert(1)'\",\"shareButtonSize\":\"123\",\"shareButtonColor\":\"123\"} /-->
____
The risks associated with this vulnerability are significant. If exploited, attackers can gain administrative access, allowing them to alter site content, manipulate site functionality, and access sensitive user data. The potential for reputational damage and legal consequences is high, especially for business-oriented sites.
Recommendations for Improved Security
To mitigate this vulnerability, users are urged to update the Genesis Blocks plugin immediately upon release of a fix. Additionally, site administrators should regularly audit their plugins and themes for updates and potential vulnerabilities, employ robust input validation, and consider using web application firewalls (WAFs) to detect and block malicious input.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-3901, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
ARTYOM K.