CVE-2024-9234

Oct 12, 2024

Published Date: 2024-10-11T13:15:18.530
Last Modified: 2024-10-11T13:15:18.530

CVSS Score: 9.8 (CRITICAL)

EPSS Score: 0.04%

Risk Score: 6.86 (HIGH)

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.


Description: The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.

MITRE ATT&CK Technique (v15.1)

T1053.002 – At

Technical Analysis & Mitigation Measures

1. Technical Attack Analysis:
– The vulnerability in the GutenKit plugin allows unauthenticated attackers to reach the install_and_activate_plugin_from_external() function, which can lead to arbitrary file uploads.
– Attackers can leverage this vulnerability to install malicious plugins or upload malicious files masquerading as plugins, which can then be executed on the server.
– Possible outcomes of exploitation include:
  – Remote Code Execution (RCE) through the execution of malicious plugins.
  – Data exfiltration if the attacker gains access to sensitive information through the installed malicious plugin.
  – Website defacement or manipulation of content if the attacker alters the functionality of the WordPress site.
  – Establishment of a backdoor for future access, compromising the security of the entire site.

2. Mitigation Measures:
– Update the GutenKit plugin to version 2.1.1 or later.
– Implement strict access controls for the WordPress REST API.
– Disable the install_and_activate_plugin_from_external() function if not needed.
– Regularly audit and review installed plugins for security vulnerabilities.
– Employ a Web Application Firewall (WAF) to monitor and filter malicious requests.
– Conduct regular security training for developers and administrators on secure coding practices.
– Utilize security plugins to enforce file upload restrictions and validate file types.
– Monitor logs for unusual activities related to plugin installations and uploads.

The content above is generated by AI. Please review and consider carefully before applying!
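The bug class described above is a WordPress REST route whose permission_callback enforces no capability, so the installer behind it is reachable without authentication. The following is an added illustration, not GutenKit's own code: a hypothetical plugin-installer route registered the unsafe way and then the hardened way. The route namespace, callback names and the plugin_url parameter are assumptions.

```php
<?php
// Added example (not GutenKit code): a hypothetical REST route that installs a plugin.
// The namespace 'example/v1', the callback names and 'plugin_url' are assumptions.

// UNSAFE: '__return_true' accepts every request, so an unauthenticated client
// reaches the installer. This is the shape of a missing capability check.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/install-plugin-unsafe', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_plugin',
        'permission_callback' => '__return_true', // no capability check
    ) );
} );

// HARDENED: only users holding install_plugins reach the callback, and the
// download source is validated before anything is fetched.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/install-plugin', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_plugin',
        'permission_callback' => function () {
            // Cookie-authenticated REST calls also need a valid X-WP-Nonce,
            // otherwise WordPress treats the request as logged out.
            return current_user_can( 'install_plugins' );
        },
        'args' => array(
            'plugin_url' => array(
                'required'          => true,
                'validate_callback' => function ( $url ) {
                    // Accept only HTTPS downloads from the official repository.
                    return wp_http_validate_url( $url )
                        && 'https' === wp_parse_url( $url, PHP_URL_SCHEME )
                        && 'downloads.wordpress.org' === wp_parse_url( $url, PHP_URL_HOST );
                },
            ),
        ),
    ) );
} );

function example_install_plugin( WP_REST_Request $request ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $request->get_param( 'plugin_url' ) );
    if ( is_wp_error( $result ) || ! $result ) {
        return new WP_Error( 'install_failed', 'Plugin install failed.', array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'installed' => true ) );
}
```

Reviewing a plugin's register_rest_route() calls for '__return_true' (or a permission_callback that checks nothing) next to privileged operations such as plugin installation is a quick way to spot this class of issue.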

Reference Links

Vendor - Product - Version

None

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.