WordPress, the world’s most popular content management system, boasts an extensive library of plugins designed to extend its functionality. While these plugins offer incredible benefits, they also introduce potential security vulnerabilities. One such vulnerability, identified as CVE-2024-4655, affects the Ultimate Blocks plugin, which is installed on over 50,000 websites. This vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to severe consequences, including the creation of admin accounts by unauthorized users.
| CVE | CVE-2024-4655 |
| Plugin | Ultimate Blocks < 3.1.9 |
| Critical | High |
| All Time | 1 391 292 |
| Active installations | 50 000+ |
| Publicly Published | June 27, 2024 |
| Last Updated | June 27, 2024 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4655 https://wpscan.com/vulnerability/a0dc73b3-3c51-4d03-963f-00fa7d8b0d51/ |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
Timeline
| May 4, 2024 | Plugin testing and vulnerability detection in the Ultimate Blocks have been completed |
| May 4, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| June 27, 2024 | Registered CVE-2024-4655 |
Discovery of the Vulnerability
During routine security testing of the Ultimate Blocks plugin, a critical vulnerability was discovered. This plugin, known for enhancing the Gutenberg editor with additional block options, was found to have a Stored XSS flaw. Specifically, the issue was traced to the “tabbed-content-block” feature, where improper sanitization of user input could be exploited. The vulnerability allows a contributor, or any user with similar permissions, to embed malicious JavaScript code into a post, which could then be executed in the browser of an admin user.
Understanding of Stored XSS attack’s
Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into content that is delivered to other users. There are three main types of XSS: Reflected, Stored, and DOM-based. Stored XSS, the most severe type, occurs when the malicious code is permanently stored on the target server, such as within a database, and then displayed to users when they view the infected content.
WordPress, with its vast ecosystem of themes and plugins, is particularly susceptible to XSS attacks. For instance, past vulnerabilities have been found in popular plugins like Contact Form 7 and WP-Statistics, where attackers exploited XSS flaws to gain unauthorized access or deface websites.
Exploiting the Stored XSS Vulnerability
To exploit the vulnerability in the Ultimate Blocks plugin, an attacker with contributor-level access would follow these steps:
POC:
Create a new Post and add “tabbed-content-block” block. Change “tabsAnchor” field to 123″ onmouseover=alert(1)
____
The implications of such a vulnerability are vast and alarming. In real-world scenarios, an attacker could exploit this flaw to inject code that creates a backdoor admin account. This new account would allow the attacker to bypass all security measures and gain full control over the website. They could then deface the site, steal sensitive data, or even use the site to distribute malware to unsuspecting visitors.
For a business, this could mean a severe loss of customer trust, potential legal liabilities, and significant financial damage. For personal bloggers or small businesses, the impact could be equally devastating, leading to loss of valuable content and disruption of online presence.
Recommendations for Improved Security
To mitigate such risks, website administrators and plugin developers should follow these best practices:
- Regular Updates: Always keep WordPress core, themes, and plugins updated to the latest versions.
- Input Sanitization: Plugin developers should ensure that all user inputs are properly sanitized and validated to prevent malicious code from being executed.
- Least Privilege Principle: Limit user permissions to the minimum required for their role. Contributors should not have capabilities that could pose a security risk.
- Security Plugins: Use security plugins that provide additional layers of protection, including real-time threat detection and automated backups.
- Regular Audits: Conduct regular security audits and code reviews to identify and fix potential vulnerabilities before they can be exploited.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4655, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
