Gutenberg Blocks by Kadence Blocks < 3.2.26 – Contributor+ Stored XSS | CVE 2024-2509 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor (or above), edit a post in Code Editor mode, put the below code in it and save:

<!-- wp:kadence/advanced-form-text {"uniqueID":"9c5eb1-eb","formID":"1","label":"Name","placeholder":"Mouse Over There!\u0022onmouseover='alert(/XSS/)'"} /-->

The XSS will be trigged when viewing/previewing the post and moving the mouse over the generated input.

Affects Plugins

Fixed in 3.2.26

References

CVE

URL

https://research.cleantalk.org/cve-2024-2509/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

dec4a632-e04b-4fdd-86e4-48304b892a4f

Timeline

Publicly Published

2024-03-15 (about 2 months ago)

Added

2024-03-15 (about 2 months ago)

Last Updated

2024-03-18 (about 1 months ago)

Other

Published

Title

Published

2016-04-13

Title

e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2023-02-28

Title

Advanced Text Widget <= 2.1.2 - Admin+ Stored XSS

Published

2023-01-11

Title

EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

Published

2023-08-16

Title

Custom Admin Login Page | WPZest <= 1.2.0 - Admin+ Stored XSS

Published

2022-09-30

Title

CRM Perks Forms < 1.1.1 - Reflected XSS