In the ever-evolving landscape of web security, vulnerabilities in popular plugins can have widespread and severe consequences. A recent vulnerability, identified as CVE-2024-4057, has been discovered in the Gutenberg Blocks by Kadence Blocks plugin, a widely used tool with over 400,000 active installations. This critical-high vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to admin account creation and potentially compromising the entire website.

CVECVE-2024-4057
PluginGutenberg Blocks by Kadence Blocks < 3.2.37
CriticalHigh
All Time19 247 496
Active installations400 000+
Publicly PublishedMay 14, 2024
Last UpdatedMay 14, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
PoCYes
ExploitNo
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4057
https://wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f/
Plugin Security Certification by CleanTalk
Logo of the plugin

Timeline

April 16, 2024Plugin testing and vulnerability detection in the Gutenberg Blocks by Kadence Blocks have been completed
April 16, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
May 14, 2024Registered CVE-2024-4057

Discovery of the Vulnerability

During routine security testing of the Gutenberg Blocks by Kadence Blocks plugin, researchers uncovered a critical Stored XSS vulnerability. This flaw allows contributors to embed malicious JavaScript code in new posts, exploiting the site’s security measures. The vulnerability was detected when a proof-of-concept (PoC) block was crafted and tested, demonstrating the potential for significant security breaches.

Understanding of Stored XSS attack’s

Stored XSS, also known as persistent XSS, is a type of vulnerability where malicious scripts are injected into a website’s database. Unlike reflected XSS, which requires user interaction to trigger, stored XSS can affect any user who views the compromised content. In WordPress, such vulnerabilities are particularly dangerous due to the platform’s extensive use of plugins and themes, which can introduce security flaws if not properly sanitized and validated.

Exploiting the Stored XSS Vulnerability

The PoC for exploiting CVE-2024-4057 involves creating a new post with the following block:

POC:

<!– wp:kadence/lottie {\”fileUrl\”:\”https://lottie.host/9a802a6b-8684-423f-9eb3-c88be9caa335/QuOMXrIn7t.lottie\\u0022 onmouseover=MALICIOU_FUNCTION_HERE//\”,\”uniqueID\”:\”1814_a91f5a-a6\”} /–>\n\n<!– wp:paragraph –>\n<p></p>\n<!– /wp:paragraph –>

____

This block utilizes the “fileUrl” attribute to inject the JavaScript onmouseover event, triggering an alert box. When an administrator or editor views the post, the malicious code executes, potentially allowing the attacker to create an admin account or perform other unauthorized actions.

The implications of this vulnerability are significant:

  1. Admin Account Creation: By exploiting this flaw, attackers can escalate their privileges, creating new admin accounts and gaining full control over the WordPress site.
  2. Data Theft: With admin access, attackers can exfiltrate sensitive data, including user information, financial records, and proprietary content.
  3. Site Defacement: Malicious actors can alter the site’s appearance, inject further malicious code, or display unauthorized content.
  4. Backdoor Implementation: Attackers can install backdoors, ensuring they maintain access to the site even if their initial entry point is discovered and patched.

Recommendations for Improved Security

To mitigate the risks associated with CVE-2024-4057 and enhance overall security, the following steps are recommended:

  1. Immediate Update: Ensure that the Gutenberg Blocks by Kadence Blocks plugin is updated to the latest version, which addresses this vulnerability.
  2. Input Sanitization and Validation: Developers should implement rigorous input sanitization and validation to prevent the injection of malicious scripts.
  3. Regular Security Audits: Conduct regular security audits of plugins and themes to identify and address potential vulnerabilities.
  4. Least Privilege Principle: Limit the permissions of user roles to the minimum necessary for their tasks, reducing the impact of any compromised accounts.
  5. Security Plugins: Utilize security plugins that offer features like malware scanning, firewall protection, and real-time threat monitoring.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4057, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website

DMITRII I.
CVE-2024-4057 – Gutenberg Blocks by Kadence Blocks – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

Create your CleanTalk account



By signing up, you agree with license. Have an account? Log in.


Leave a Reply

Your email address will not be published. Required fields are marked *