A critical security flaw, identified as CVE-2024-2369, threatens the integrity of over 400,000+ WordPress sites leveraging the Page Builder Gutenberg Blocks – CoBlocks plugin. This vulnerability, allowing Stored XSS to Admin Account Creation, poses an imminent risk of unauthorized access and control over administrative privileges.

Main info:

PluginPage Builder Gutenberg Blocks CoBlocks < 3.1.7
All Time19 891 754
Active installations400 000+
Publicly PublishedMarch 15, 2023
Last UpdatedMarch 15, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2369
Plugin Security Certification by CleanTalk


March 7, 2023Plugin testing and vulnerability detection in the Page Builder Gutenberg Blocks CoBlocks have been completed
March 7, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
March 15, 2024Registered CVE-2024-2369

Discovery of the Vulnerability

During routine security testing, researchers uncovered a vulnerability within the Page Builder Gutenberg Blocks CoBlocks plugin. This flaw enables malicious actors to execute arbitrary JavaScript code via stored XSS, consequently leading to the creation of admin-level accounts.

Understanding of Stored XSS attack’s

Stored XSS exploits enable attackers to inject malicious scripts into web applications, which are then executed when unsuspecting users interact with affected pages. In the context of WordPress, this vulnerability facilitates the unauthorized creation of admin accounts by leveraging the plugin’s functionality.

Exploiting the Stored XSS Vulnerability

To exploit this vulnerability, attackers can embed malicious JavaScript code into a new post using the Page Builder Gutenberg Blocks plugin. By crafting a payload and injecting it into the plugin’s features, they can execute scripts that trigger the creation of admin accounts upon interaction.


  1. You should create new Post and put “Icon” block. After creation you should put payload to “Link URL” filed – 123″ onmouseover=’alert(1)’


The exploitation of CVE-2024-2369 poses severe consequences for affected WordPress sites. Unauthorized admin account creation grants attackers unfettered access to site resources, potentially leading to data theft, content manipulation, and further compromise of sensitive information.

Recommendations for Improved Security

Website administrators are strongly advised to update the Page Builder Gutenberg Blocks plugin to the latest patched version immediately. Additionally, implementing robust security measures such as regular vulnerability scanning, access control, and user input validation can mitigate the risk of similar exploits in the future.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2369, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2024-2369 – Page Builder Gutenberg Blocks – CoBlocks – Stored XSS to Admin Account Creation (Contributor+) – POC

Leave a Reply

Your email address will not be published. Required fields are marked *