CVE-2021-24546

CVSS 8.8 HIGH

📋 TL;DR

The Gutenberg Block Editor Toolkit (EditorsKit) WordPress plugin before 1.31.6 does not sanitise the Conditional Logic field of its Custom Visibility block settings, so any user with the Contributor role or higher can save PHP code in that field and have the site execute it. This is authenticated remote code execution: it needs an account that can use the block editor, but nothing more. Every WordPress site running a vulnerable EditorsKit version is affected.

💻 Affected Systems

Products:
  • WordPress Gutenberg Block Editor Toolkit (EditorsKit) plugin
Versions: All versions before 1.31.6
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with EditorsKit plugin enabled and contributor-level user access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full site compromise allowing attackers to execute arbitrary PHP code, install backdoors, steal data, deface websites, or pivot to other systems.

🟠

Likely Case

Contributor-level users or attackers who gain contributor access can execute PHP code to modify content, create admin accounts, or install malware.

🟢

If Mitigated

Role hygiene and input filtering in front of the plugin only narrow who can reach the vulnerable field; any account that can edit posts (Contributor or above) can still save a Conditional Logic value, so until the plugin is updated the exposure is reduced, not removed, and remains significant.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires contributor-level access. Public proof-of-concept exists showing code injection via Conditional Logic field.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.31.6

Vendor Advisory: https://wpscan.com/vulnerability/bdc36f6a-682d-4d66-b587-92e86085d971

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Gutenberg Block Editor Toolkit – EditorsKit'.
4. Click 'Update Now' if an update is offered.
5. Alternatively, download version 1.31.6 or later from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Disable EditorsKit Plugin (all platforms)

Temporarily deactivate the vulnerable plugin until it is updated. The plugin's WordPress.org slug is block-options, not editorskit; confirm the directory name under wp-content/plugins/ if in doubt.

wp plugin deactivate block-options

Restrict Contributor Access (all platforms)

Until the update is applied, review every account with the Contributor role or higher, remove or downgrade (for example to Subscriber) any that are not trusted, and make sure the default role for newly registered users (Settings → General) is not Contributor or higher.

🧯 If You Can't Patch

  • Add web application firewall (WAF) rules that inspect block-editor save requests (the REST API under /wp-json/wp/v2/ and wp-admin/post.php) for EditorsKit block attributes containing PHP code; the payload travels in the request body, so header-only rules will not see it
  • Restrict contributor user creation and monitor existing contributor accounts for suspicious activity
  • Review already-stored post content for Conditional Logic values, since a payload saved before the workaround was put in place may still be evaluated when the post is rendered or previewed

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → EditorsKit version. If version is below 1.31.6, system is vulnerable.

Check Version:

wp plugin get block-options --field=version

Verify Fix Applied:

Confirm plugin version is 1.31.6 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Block-editor saves from Contributor accounts (POST/PUT to /wp-json/wp/v2/posts/<id> or wp-admin/post.php) whose body carries EditorsKit block attributes containing PHP function calls; the value is persisted in post_content, so the stored post is the authoritative place to check
  • PHP warnings or fatal errors in the PHP error log that reference the EditorsKit plugin files
  • Unauthorized plugin, theme or uploads-directory modifications, or new administrator accounts created during a Contributor session

Network Indicators:

  • Editor save requests containing PHP code in EditorsKit block attributes (only visible where request bodies are inspected, for example by a WAF or reverse proxy)
  • Unusual outbound connections from the web server process

SIEM Query:

source="web_logs" AND ("conditional_logic" OR "editorskit") AND ("php:" OR "eval(" OR "system(")

Ordinary access logs do not record request bodies, so this query only matches where a WAF, reverse proxy or application log captures POST/PUT bodies; otherwise pair it with a scan of the stored post content.
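The following script is an added example for this advisory, not code from the EditorsKit plugin or from the original page. It covers the two checks above: the version comparison from the "How to Verify" section (feed it the output of the wp plugin get command) and an offline scan of stored post_content for EditorsKit Conditional Logic values that contain PHP, which is the reliable detection path since access logs do not carry the request body. It assumes that EditorsKit stores its block settings as a JSON object under the attribute key "editorskit" in the block delimiter comment, with the Conditional Logic string under the key "logic"; verify those key names against a block saved on your own site before relying on it. The sample post content is constructed, not taken from a real site.

```python
"""
Added audit helper for CVE-2021-24546 (EditorsKit Conditional Logic RCE).
Not part of the EditorsKit plugin or of the original advisory page.

  1. editorskit_is_vulnerable(): compares an installed version string, e.g.
     the output of 'wp plugin get block-options --field=version', with the
     fixed release 1.31.6.
  2. find_suspicious_logic(): scans block markup (post_content from a DB dump
     or 'wp post get <id> --field=post_content') for EditorsKit Conditional
     Logic values that contain PHP code.

ASSUMPTION: block settings live under the attribute key "editorskit" and the
Conditional Logic string under the key "logic". Confirm on your own site.
"""
import json
import re
from typing import Dict, Iterator, List, Tuple

FIXED_VERSION = (1, 31, 6)

# Opening block delimiter carrying a JSON attribute object, e.g.
#   <!-- wp:paragraph {"editorskit":{"logic":"..."}} -->
# WordPress serialises "--", "<" and ">" inside that JSON as \u002d\u002d,
# \u003c and \u003e, so json.loads() is what restores a "<?php" tag.
BLOCK_OPEN = re.compile(r"<!--\s+wp:([a-z0-9/_-]+)\s+(\{.*?\})\s+/?-->", re.S)

# Calls with no business in a visibility condition: rated "high" outright.
DANGEROUS = re.compile(
    r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|"
    r"file_put_contents|base64_decode|include|require)\s*\(",
    re.I,
)
# Any other function call, PHP open tag or variable: still worth a look,
# because on vulnerable versions the whole field is evaluated as PHP.
ANY_PHP = re.compile(r"[A-Za-z_]\w*\s*\(|<\?php|\$[A-Za-z_]")


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.31.5' -> (1, 31, 5); a non-numeric suffix ends the parse ('1.31.6-beta' -> (1, 31, 6))."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def editorskit_is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release 1.31.6."""
    return parse_version(version) < FIXED_VERSION


def iter_blocks(post_content: str) -> Iterator[Tuple[str, dict]]:
    """Yield (block name, attribute dict) for every block that carries attributes."""
    for m in BLOCK_OPEN.finditer(post_content):
        try:
            attrs = json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # malformed attribute JSON cannot carry a usable setting
        if isinstance(attrs, dict):
            yield m.group(1), attrs


def find_suspicious_logic(post_content: str) -> List[Dict[str, str]]:
    """One finding per block whose EditorsKit Conditional Logic is non-empty, with a severity."""
    findings = []
    for name, attrs in iter_blocks(post_content):
        settings = attrs.get("editorskit")  # assumed attribute key (see docstring)
        if not isinstance(settings, dict):
            continue
        logic = settings.get("logic")  # assumed key of the Conditional Logic string
        if not isinstance(logic, str) or not logic.strip():
            continue
        if DANGEROUS.search(logic):
            severity = "high"
        elif ANY_PHP.search(logic):
            severity = "review"
        else:
            severity = "low"
        findings.append({"block": name, "logic": logic, "severity": severity})
    return findings


# Constructed sample post_content (not from a real site): a plain block, a
# benign-looking condition, and a block whose condition runs a shell command.
SAMPLE_POST = """<!-- wp:paragraph -->
<p>Plain paragraph, no EditorsKit attributes.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph {"editorskit":{"logic":"is_user_logged_in()"}} -->
<p>Members only.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph {"editorskit":{"logic":"system('id')"}} -->
<p>Looks harmless in the editor.</p>
<!-- /wp:paragraph -->
"""

if __name__ == "__main__":
    for v in ("1.31.5", "1.31.6", "1.32.0"):
        state = "VULNERABLE" if editorskit_is_vulnerable(v) else "fixed"
        print(f"EditorsKit {v}: {state}")
    for f in find_suspicious_logic(SAMPLE_POST):
        print(f"[{f['severity']}] wp:{f['block']} logic={f['logic']!r}")
```

Run it against every post, page and revision, not just published content: a Contributor's pending post sits in post_content just as a published one does. Treat any "high" finding as a confirmed attempt and check who last edited the post.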

🔗 References
