The popular Genesis Blocks plugin, a cornerstone for many WordPress sites, has recently been pinpointed as a vehicle for cybersecurity threats. With its wide usage across over 100,000 installations, the implications of this vulnerability are extensive and alarming.

CVECVE-2024-3901
PluginGenesis Blocks <= 3.1.3
CriticalHigh
All Time1 526 000
Active installations100 000+
Publicly PublishedJuly 15, 2024
Last UpdatedJuly 15, 2024
ResearcherDmitrii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3901
https://wpscan.com/vulnerability/9502e1ac-346e-4431-90a6-61143d2df37b/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

April 12, 2024Plugin testing and vulnerability detection in the Genesis Blocks have been completed
April 12, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
July 15, 2024Registered CVE-2024-3901

Discovery of the Vulnerability

During routine security assessments, researchers uncovered a critical Stored Cross-Site Scripting (XSS) vulnerability tagged as CVE-2024-3901. This flaw can be exploited by attackers to perform unauthorized actions, potentially leading to administrative account creation and full system compromise.

Understanding of Stored XSS attack’s

Stored XSS attacks are particularly dangerous within WordPress because they allow attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal cookies, hijack sessions, or redirect victims to malicious websites. This type of vulnerability is notorious within web applications and has been exploited in numerous plugins, underscoring the need for rigorous input sanitization.

Exploiting the Stored XSS Vulnerability

The exploitation method involves inserting a malicious JavaScript code snippet into the “content” field of a new post using the Genesis Blocks plugin. The malicious code is executed when the post is viewed, leading to unauthorized actions being performed under the guise of a legitimate user.

POC:

You should create new Post. After creation you should put payload to “content” filed

<!-- wp:genesis-blocks/gb-sharing {\"clientId\":\"637f246b-cc4c-4af5-8fbd-bcbe40306498\",\"email\":true,\"shareButtonShape\":\"123\\u0022onmouseover='alert(1)'\",\"shareButtonSize\":\"123\",\"shareButtonColor\":\"123\"} /-->

____

The risks associated with this vulnerability are significant. If exploited, attackers can gain administrative access, allowing them to alter site content, manipulate site functionality, and access sensitive user data. The potential for reputational damage and legal consequences is high, especially for business-oriented sites.

Recommendations for Improved Security

To mitigate this vulnerability, users are urged to update the Genesis Blocks plugin immediately upon release of a fix. Additionally, site administrators should regularly audit their plugins and themes for updates and potential vulnerabilities, employ robust input validation, and consider using web application firewalls (WAFs) to detect and block malicious input.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-3901, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

ARTYOM K.
CVE-2024-3901 – Genesis Blocks – Stored XSS to Admin Account Creation – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *