CVE-2024-12045
CVE-2024-12045 is a Stored Cross-Site Scripting (XSS) vulnerability in the Essential Blocks WordPress plugin. This flaw allows authenticated administrators to inject malicious web scripts into pages via the Google Maps block's marker title. The injected scripts execute when users visit the affected pages, posing a significant security risk.
CVE-2024-12045 affects WordPress multi-site installations and single-site installations with unfiltered_html disabled, up to plugin version 5.0.9. An attacker could exploit this vulnerability to steal sensitive information, redirect users to malicious sites, or compromise the integrity of the WordPress website. Although the CVSS score is 4.8, the SOCRadar Vulnerability Risk Score (SVRS) is 46, indicating a moderate risk. While not critical, the presence of the "In The Wild" tag suggests active exploitation, warranting prompt attention and patching to mitigate potential damage from this WordPress plugin vulnerability.
Description
CVE-2024-12045 affects the Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw that arises from insufficient input sanitization and output escaping of the marker title value in the Google Maps block. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page.
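To illustrate the defect class the description names, the following is an added example and not code from the Essential Blocks plugin: a hypothetical dynamic-block render callback that outputs a map marker title, first without sanitization or escaping, then with both applied in the correct context. Block name, attribute key and function names are assumptions for illustration only.

```php
<?php
// Added example, not the Essential Blocks plugin's own code. The block
// name, the 'markerTitle' attribute and the function names are assumptions.

// Vulnerable pattern: the marker title stored in the block attributes is
// echoed verbatim, both inside an attribute and as element text. A title
// containing markup is persisted with the post and rendered as HTML on
// every page view, which is the stored XSS pattern the advisory describes.
function eb_example_render_marker_vulnerable( array $attributes ): string {
    $title = $attributes['markerTitle'] ?? '';
    return '<div class="eb-map-marker" data-title="' . $title . '">'
        . $title . '</div>';
}

// Hardened pattern, step 1: sanitize on the way in.
// sanitize_text_field() strips tags and removes stray angle brackets and
// invalid UTF-8, so only plain text reaches the stored attribute.
function eb_example_sanitize_marker( array $attributes ): array {
    $attributes['markerTitle'] = sanitize_text_field( $attributes['markerTitle'] ?? '' );
    return $attributes;
}

// Hardened pattern, step 2: escape on the way out, per output context.
// esc_attr() for the HTML attribute, esc_html() for the element body.
// Escaping is applied regardless of the author's capabilities, so the
// result is the same on multisite and with unfiltered_html disabled.
function eb_example_render_marker_safe( array $attributes ): string {
    $attributes = eb_example_sanitize_marker( $attributes );
    $title      = $attributes['markerTitle'];
    return '<div class="eb-map-marker" data-title="' . esc_attr( $title ) . '">'
        . esc_html( $title ) . '</div>';
}

// Wire the hardened callback to a server-rendered block (hypothetical name).
add_action( 'init', function () {
    register_block_type( 'eb-example/google-map', array(
        'attributes'      => array(
            'markerTitle' => array( 'type' => 'string', 'default' => '' ),
        ),
        'render_callback' => 'eb_example_render_marker_safe',
    ) );
} );
```

Running both render functions on a constructed title such as `Office <img src=x onerror=alert(1)>` shows the difference: the vulnerable callback emits the tag into the page, while the hardened callback stores only `Office` and renders it as inert text.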
SVRS: 38
This vulnerability, while categorized as a "medium" risk by CVSS with a score of 4.4, has an SVRS of 38. This indicates a moderate risk level that requires attention but not immediate action. However, the vulnerability is tagged "In The Wild," which means it is currently being actively exploited by hackers.
Key Insights
- Impact: Successful exploitation of this vulnerability could lead to website defacement, data theft, account takeover, and other malicious activities.
- Affected Versions: All versions of the Essential Blocks plugin up to and including 5.0.9 are vulnerable.
- Exploitation: The vulnerability is being actively exploited "In The Wild." This means attackers are utilizing this vulnerability to compromise WordPress sites.
- Affected Sites: This vulnerability primarily impacts multi-site installations and installations where the unfiltered_html setting is disabled.
Mitigation Strategies
- Update the Essential Blocks plugin: Immediately update the Essential Blocks plugin to the latest version (currently 5.0.10 or later). This patch addresses the vulnerability and is the most effective way to mitigate the risk.
- Disable Google Maps block: As a temporary measure, consider disabling the Google Maps block within the Essential Blocks plugin until you have updated to a patched version.
- Regularly scan for vulnerabilities: Implement a comprehensive vulnerability scanning program to regularly check for and identify vulnerabilities in your WordPress installations.
- Implement a Web Application Firewall (WAF): Utilize a WAF to provide an extra layer of security by blocking malicious traffic targeting your website.
Additional Information
This vulnerability has been identified as "In The Wild," indicating active exploitation by hackers. This means that it is critical to take immediate action to mitigate the risk. If you have any additional questions regarding this incident, please use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.