In the ever-evolving landscape of web security, vulnerabilities in popular plugins can have widespread and severe consequences. A recent vulnerability, identified as CVE-2024-4057, has been discovered in the Gutenberg Blocks by Kadence Blocks plugin, a widely used tool with over 400,000 active installations. This critical-high vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to admin account creation and potentially compromising the entire website.
| CVE | CVE-2024-4057 |
| Plugin | Gutenberg Blocks by Kadence Blocks < 3.2.37 |
| Critical | High |
| All Time | 19 247 496 |
| Active installations | 400 000+ |
| Publicly Published | May 14, 2024 |
| Last Updated | May 14, 2024 |
| Researcher | Dmtirii Ignatyev |
| OWASP TOP-10 | A7: Cross-Site Scripting (XSS) |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4057 https://wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f/ |
| Plugin Security Certification by CleanTalk |  |
| Logo of the plugin |  |
Timeline
| April 16, 2024 | Plugin testing and vulnerability detection in the Gutenberg Blocks by Kadence Blocks have been completed |
| April 16, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| May 14, 2024 | Registered CVE-2024-4057 |
Discovery of the Vulnerability
During routine security testing of the Gutenberg Blocks by Kadence Blocks plugin, researchers uncovered a critical Stored XSS vulnerability. This flaw allows contributors to embed malicious JavaScript code in new posts, exploiting the site’s security measures. The vulnerability was detected when a proof-of-concept (PoC) block was crafted and tested, demonstrating the potential for significant security breaches.
Understanding of Stored XSS attack’s
Stored XSS, also known as persistent XSS, is a type of vulnerability where malicious scripts are injected into a website’s database. Unlike reflected XSS, which requires user interaction to trigger, stored XSS can affect any user who views the compromised content. In WordPress, such vulnerabilities are particularly dangerous due to the platform’s extensive use of plugins and themes, which can introduce security flaws if not properly sanitized and validated.
Exploiting the Stored XSS Vulnerability
The PoC for exploiting CVE-2024-4057 involves creating a new post with the following block:
POC:
<!– wp:kadence/lottie {\”fileUrl\”:\”https://lottie.host/9a802a6b-8684-423f-9eb3-c88be9caa335/QuOMXrIn7t.lottie\\u0022 onmouseover=MALICIOU_FUNCTION_HERE//\”,\”uniqueID\”:\”1814_a91f5a-a6\”} /–>\n\n<!– wp:paragraph –>\n<p></p>\n<!– /wp:paragraph –>
____
This block utilizes the “fileUrl” attribute to inject the JavaScript onmouseover event, triggering an alert box. When an administrator or editor views the post, the malicious code executes, potentially allowing the attacker to create an admin account or perform other unauthorized actions.
The implications of this vulnerability are significant:
- Admin Account Creation: By exploiting this flaw, attackers can escalate their privileges, creating new admin accounts and gaining full control over the WordPress site.
- Data Theft: With admin access, attackers can exfiltrate sensitive data, including user information, financial records, and proprietary content.
- Site Defacement: Malicious actors can alter the site’s appearance, inject further malicious code, or display unauthorized content.
- Backdoor Implementation: Attackers can install backdoors, ensuring they maintain access to the site even if their initial entry point is discovered and patched.
Recommendations for Improved Security
To mitigate the risks associated with CVE-2024-4057 and enhance overall security, the following steps are recommended:
- Immediate Update: Ensure that the Gutenberg Blocks by Kadence Blocks plugin is updated to the latest version, which addresses this vulnerability.
- Input Sanitization and Validation: Developers should implement rigorous input sanitization and validation to prevent the injection of malicious scripts.
- Regular Security Audits: Conduct regular security audits of plugins and themes to identify and address potential vulnerabilities.
- Least Privilege Principle: Limit the permissions of user roles to the minimum necessary for their tasks, reducing the impact of any compromised accounts.
- Security Plugins: Utilize security plugins that offer features like malware scanning, firewall protection, and real-time threat monitoring.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4057, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
DMITRII I.
