CVE-2024-4057 – Gutenberg Blocks by Kadence Blocks – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

In the ever-evolving landscape of web security, vulnerabilities in popular plugins can have widespread and severe consequences. A recent vulnerability, identified as CVE-2024-4057, has been discovered in the Gutenberg Blocks by Kadence Blocks plugin, a widely used tool with over 400,000 active installations. This critical-high vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to admin account creation and potentially compromising the entire website.

CVE	CVE-2024-4057
Plugin	Gutenberg Blocks by Kadence Blocks < 3.2.37
Critical	High
All Time	19 247 496
Active installations	400 000+
Publicly Published	May 14, 2024
Last Updated	May 14, 2024
Researcher	Dmtirii Ignatyev
OWASP TOP-10	A7: Cross-Site Scripting (XSS)
PoC	Yes
Exploit	No
Reference	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4057 https://wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

April 16, 2024	Plugin testing and vulnerability detection in the Gutenberg Blocks by Kadence Blocks have been completed
April 16, 2024	I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
May 14, 2024	Registered CVE-2024-4057

Discovery of the Vulnerability

During routine security testing of the Gutenberg Blocks by Kadence Blocks plugin, researchers uncovered a critical Stored XSS vulnerability. This flaw allows contributors to embed malicious JavaScript code in new posts, exploiting the site’s security measures. The vulnerability was detected when a proof-of-concept (PoC) block was crafted and tested, demonstrating the potential for significant security breaches.

Understanding of Stored XSS attack’s

Stored XSS, also known as persistent XSS, is a type of vulnerability where malicious scripts are injected into a website’s database. Unlike reflected XSS, which requires user interaction to trigger, stored XSS can affect any user who views the compromised content. In WordPress, such vulnerabilities are particularly dangerous due to the platform’s extensive use of plugins and themes, which can introduce security flaws if not properly sanitized and validated.

Exploiting the Stored XSS Vulnerability

The PoC for exploiting CVE-2024-4057 involves creating a new post with the following block:

POC:

<!– wp:kadence/lottie {\”fileUrl\”:\”https://lottie.host/9a802a6b-8684-423f-9eb3-c88be9caa335/QuOMXrIn7t.lottie\\u0022 onmouseover=MALICIOU_FUNCTION_HERE//\”,\”uniqueID\”:\”1814_a91f5a-a6\”} /–>\n\n<!– wp:paragraph –>\n<p></p>\n<!– /wp:paragraph –>

____

This block utilizes the “fileUrl” attribute to inject the JavaScript onmouseover event, triggering an alert box. When an administrator or editor views the post, the malicious code executes, potentially allowing the attacker to create an admin account or perform other unauthorized actions.

The implications of this vulnerability are significant:

1. Admin Account Creation: By exploiting this flaw, attackers can escalate their privileges, creating new admin accounts and gaining full control over the WordPress site.
2. Data Theft: With admin access, attackers can exfiltrate sensitive data, including user information, financial records, and proprietary content.
3. Site Defacement: Malicious actors can alter the site’s appearance, inject further malicious code, or display unauthorized content.
4. Backdoor Implementation: Attackers can install backdoors, ensuring they maintain access to the site even if their initial entry point is discovered and patched.

Recommendations for Improved Security

To mitigate the risks associated with CVE-2024-4057 and enhance overall security, the following steps are recommended:

1. Immediate Update: Ensure that the Gutenberg Blocks by Kadence Blocks plugin is updated to the latest version, which addresses this vulnerability.
2. Input Sanitization and Validation: Developers should implement rigorous input sanitization and validation to prevent the injection of malicious scripts.
3. Regular Security Audits: Conduct regular security audits of plugins and themes to identify and address potential vulnerabilities.
4. Least Privilege Principle: Limit the permissions of user roles to the minimum necessary for their tasks, reducing the impact of any compromised accounts.
5. Security Plugins: Utilize security plugins that offer features like malware scanning, firewall protection, and real-time threat monitoring.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4057, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.