A critical security flaw, identified as CVE-2024-2369, threatens the integrity of the 400,000+ WordPress sites using the Page Builder Gutenberg Blocks – CoBlocks plugin. This stored XSS vulnerability can be escalated to admin account creation and poses an imminent risk of unauthorized access to, and control over, administrative privileges.
Main info:

| Field | Value |
| --- | --- |
| CVE | CVE-2024-2369 |
| Plugin | Page Builder Gutenberg Blocks – CoBlocks < 3.1.7 |
| Criticality | High |
| All-time downloads | 19 891 754 |
| Active installations | 400 000+ |
| Publicly Published | March 15, 2023 |
| Last Updated | March 15, 2023 |
| Researcher | Dmitrii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2369 , https://wpscan.com/vulnerability/252dfc35-4c8c-4304-aa09-73dfe986b10d/ |
| Plugin Security Certification by CleanTalk | |
Timeline

| Date | Event |
| --- | --- |
| March 7, 2023 | Plugin testing and vulnerability detection in Page Builder Gutenberg Blocks – CoBlocks completed |
| March 7, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| March 15, 2024 | Registered CVE-2024-2369 |
Discovery of the Vulnerability
During routine security testing, researchers uncovered a vulnerability within the Page Builder Gutenberg Blocks CoBlocks plugin. This flaw enables malicious actors to execute arbitrary JavaScript code via stored XSS, consequently leading to the creation of admin-level accounts.
Understanding Stored XSS attacks
Stored XSS lets an attacker inject a malicious script into a web application, where it is saved and later executed in the browser of every user who views the affected page. In WordPress, a script stored this way runs with the privileges of the viewing user; when that user is an administrator, the script can use the site's own admin functionality to create an admin account, which is how this plugin flaw becomes an account-takeover issue.
Exploiting the Stored XSS Vulnerability
To exploit this vulnerability, an attacker with post-editing access embeds JavaScript in a new post through the Page Builder Gutenberg Blocks plugin. Because the block's "Link URL" field is written into the page without proper escaping, a crafted value breaks out of the attribute and adds an event handler that fires when someone interacts with the rendered block, which is what triggers the admin account creation.
POC:
- Create a new Post and add an "Icon" block. After creating it, put the payload into the "Link URL" field: `123" onmouseover='alert(1)'`
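To make the defect concrete, here is an added Python illustration (not the plugin's code and not the researcher's PoC) of the vulnerable pattern beside its hardened form: a link field interpolated straight into an `href` attribute, versus the same value scheme-checked and attribute-escaped in the manner of WordPress's `esc_url()`. The anchor markup, the class name and the scheme allowlist are assumptions; the HTML-parser check shows what a browser's tokenizer actually sees in each case.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Payload from the advisory's PoC: the value typed into the Icon block's "Link URL" field.
POC_PAYLOAD = '123" onmouseover=\'alert(1)\''

# Assumed allowlist for a link field; "" covers relative URLs.
ALLOWED_SCHEMES = {"", "http", "https", "mailto", "tel"}


def render_link_unsafe(link_url: str) -> str:
    """Vulnerable pattern: the field value lands in the attribute untouched, so a
    double quote closes href and the remainder becomes new attributes."""
    return f'<a href="{link_url}" class="icon-link">icon</a>'  # markup is assumed


def safe_url(link_url: str) -> str:
    """Hardened pattern, modelled on esc_url(): drop values whose scheme is not
    allowlisted, then entity-encode quotes so the value cannot end the attribute."""
    if urlsplit(link_url.strip()).scheme.lower() not in ALLOWED_SCHEMES:
        return ""
    return html.escape(link_url, quote=True)


def render_link_safe(link_url: str) -> str:
    return f'<a href="{safe_url(link_url)}" class="icon-link">icon</a>'


class _AttrNames(HTMLParser):
    """Collects attribute names as an HTML tokenizer would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.names: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name.lower() for name, _ in attrs)


def event_handler_attrs(markup: str) -> list[str]:
    """Every on* attribute the parser finds. A plain text search for 'onmouseover'
    would be fooled: the escaped output still contains that text inside href."""
    parser = _AttrNames()
    parser.feed(markup)
    parser.close()
    return [n for n in parser.names if n.startswith("on")]


if __name__ == "__main__":
    print(render_link_unsafe(POC_PAYLOAD), event_handler_attrs(render_link_unsafe(POC_PAYLOAD)))
    print(render_link_safe(POC_PAYLOAD), event_handler_attrs(render_link_safe(POC_PAYLOAD)))
```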
___
The exploitation of CVE-2024-2369 poses severe consequences for affected WordPress sites. Unauthorized admin account creation grants attackers unfettered access to site resources, potentially leading to data theft, content manipulation, and further compromise of sensitive information.
Recommendations for Improved Security
Website administrators are strongly advised to update the Page Builder Gutenberg Blocks – CoBlocks plugin to version 3.1.7 or later immediately. Additionally, regular vulnerability scanning, access control for post-editing roles, and proper validation and escaping of user input can reduce the risk of similar flaws in the future.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2369, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.