A critical vulnerability, CVE-2024-2729, found in Otter Blocks, a popular WordPress plugin with over 300,000 installations, poses a significant risk to website security. This exploit allows attackers to execute malicious JavaScript code, potentially leading to the creation of admin accounts.

Main info:

CVECVE-2024-2729
PluginOtter Blocks < 2.6.6
CriticalHigh
All Time7 072 287
Active installations300 000+
Publicly PublishedMarch 25, 2023
Last UpdatedMarch 25, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2729
https://wpscan.com/vulnerability/5014f886-020e-49d1-96a5-2159eed8ba14/
Plugin Security Certification by CleanTalk

Timeline

March 15, 2023Plugin testing and vulnerability detection in the Otter Blocks plugin have been completed
March 15, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
March 25, 2024Registered CVE-2024-2729

Discovery of the Vulnerability

During routine testing, security researchers uncovered a flaw in Otter Blocks that enables the injection of stored cross-site scripting (XSS) payloads via the creation of new posts. This vulnerability grants contributors the ability to execute arbitrary code, including the creation of admin accounts.

Understanding of Stored XSS attack’s

Stored XSS vulnerabilities occur when user input is improperly sanitized and stored by a web application, allowing attackers to inject malicious scripts. In WordPress, this often happens through plugins or themes that fail to adequately filter user-generated content.

Exploiting the Stored XSS Vulnerability

Exploiting CVE-2024-2729 involves creating a new post and inserting a crafted payload into the content field. By leveraging this vulnerability, attackers can execute arbitrary JavaScript, potentially gaining unauthorized access to admin privileges.

POC:

Create a new post and put here “wp:themeisle-blocks/review” block. Change “mainHeading” to XSS payload

___

The ramifications of this vulnerability are severe. Attackers could hijack admin accounts, compromising entire WordPress installations. They may deface websites, steal sensitive data, or launch further attacks, posing a significant risk to site owners and users.

Recommendations for Improved Security

To mitigate the risk posed by CVE-2024-2729, site administrators are advised to update Otter Blocks to the latest patched version immediately. Additionally, regular security audits and thorough code reviews are crucial for identifying and addressing vulnerabilities in WordPress plugins and themes.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-2729, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #HighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.
CVE-2024-2729 – Otter Blocks – Stored XSS to Admin Account Creation (Contributor+) – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *