Page Builder Gutenberg Blocks < 3.1.7 – Contributor+ Stored XSS | CVE 2024-2369 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

Create/Edit a Post, add an "Icon" block and put the following payload in the "Link Settings > Link URL: " field: 123" onmouseover='alert(/XSS/)'

The XSS will be triggered when viewing/previewing the post and moving the mouse over the icon

Affects Plugins

Fixed in 3.1.7

References

CVE

URL

https://research.cleantalk.org/cve-2024-2369/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

252dfc35-4c8c-4304-aa09-73dfe986b10d

Timeline

Publicly Published

2024-03-12 (about 2 months ago)

Added

2024-03-12 (about 2 months ago)

Last Updated

2024-03-27 (about 1 months ago)

Other

Published

Title

Published

2022-06-03

Title

Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting

Published

2023-06-22

Title

WPBakery Page Builder < 6.13.0 - Contributor+ Stored XSS

Published

2018-10-24

Title

Pie Register <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Recommend a friend 2.0.2 - inc/raf_form.php current_url Parameter Reflected XSS

Published

2014-12-04

Title

Broken Link Checker 1.10.1 - Authenticated Stored XSS