CVE-2023-36385

7.1 HIGH

📋 TL;DR

Unauthenticated reflected cross-site scripting (XSS) in the PostX - Gutenberg Post Grid Blocks WordPress plugin, versions 2.9.9 and earlier. The attacker needs no account on the site: a request parameter is echoed into the page without escaping, so a crafted URL carries the payload, and when a victim opens that link the attacker's JavaScript runs in the victim's browser in the origin of the WordPress site. Fixed in 2.9.10.

💻 Affected Systems

Products:
  • PostX - Gutenberg Post Grid Blocks (WordPress plugin)
Versions: <= 2.9.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Every WordPress site running an affected version is exposed regardless of plugin settings; no particular block or option has to be in use. The only configuration change that helps is deactivating the plugin (see workarounds).

📦 What is this software?

PostX - Gutenberg Post Grid Blocks (repository slug ultimate-post, developed by WPXPO) is a WordPress plugin that adds Gutenberg blocks for laying out posts in grid and list views on the front end of a site. Because it renders on public pages, the vulnerable code is reachable by anonymous visitors.

⚠️ Risk & Real-World Impact

🔴

Worst Case

If a logged-in administrator opens the crafted link, the injected script runs with that administrator's browser session. WordPress authentication cookies are set HttpOnly, so the realistic worst case is not cookie theft but actions performed with the admin's privileges through the site's own pages and REST API, for example creating a new administrator account or installing a backdoored plugin, which turns a one-click XSS into a persistent site takeover. Any victim can also be redirected to attacker-controlled sites or served malware from the trusted domain.

🟠

Likely Case

Attackers typically send the crafted link in phishing campaigns and use the injected script to show a fake login prompt that captures credentials, to redirect the victim, or to display attacker content (defacement) to the person who clicked. Because the XSS is reflected, nothing is stored on the server: only users who follow the link are affected, and each one has to be lured separately.

🟢

If Mitigated

A Content Security Policy that forbids inline script stops the injected payload from executing, leaving the attacker with non-script markup injection at most. Escaping the parameter on output removes the issue entirely, which is what the vendor fix does.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS vulnerabilities are commonly weaponized in phishing campaigns and require minimal technical skill to exploit. The caveat is user interaction: the payload runs only in the browser of a victim who opens the crafted link, so the attacker has to deliver that link to a user worth targeting, typically a site administrator.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.10 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/ultimate-post/wordpress-postx-gutenberg-post-grid-blocks-plugin-2-9-9-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'PostX - Gutenberg Post Grid Blocks'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.9.10 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Temporary plugin deactivation (platform: all)

Disable the vulnerable plugin until it can be updated. The site loses its PostX blocks while the plugin is off, so this is a stopgap, not a fix:

wp plugin deactivate ultimate-post

Web Application Firewall (WAF) rule (platform: all)

Block requests whose query string contains script tags, javascript: URLs, or their percent-encoded equivalents. This page does not identify the vulnerable parameter, so a blanket rule against XSS patterns in query strings is the practical option; expect some false positives and test against legitimate traffic before enforcing it.

🧯 If You Can't Patch

  • Deploy a Content Security Policy that does not allow inline script. WordPress core and many plugins rely on inline scripts, especially in wp-admin, so a blocking policy without nonces or hashes will break the site; roll it out in report-only mode first and tighten from there.
  • Put a web application firewall in front of the site to filter XSS patterns in request parameters, and remember that a WAF only reduces exposure; it does not remove the reflection.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for PostX version

Check Version:

wp plugin get ultimate-post --field=version

Verify Fix Applied:

Verify plugin version is 2.9.10 or higher in WordPress admin
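The version check above can be scripted. The following is an added example, not part of the advisory or the plugin's own tooling: it takes a version string (from wp-cli or from the plugin's main-file header) and decides whether it is below the fixed release 2.9.10. It assumes a `sort` that supports `-V` (GNU coreutils or BSD), and the plugin header it parses is a constructed sample, not the real file.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed PostX
# version is affected by CVE-2023-36385, i.e. whether it is older than 2.9.10.
# Version strings come either from wp-cli:
#     wp plugin get ultimate-post --field=version
# or from the plugin's main-file "Version:" header. The header text below is
# a constructed sample, not the real plugin file.

FIXED_VERSION="2.9.10"

# version_lt A B: succeed when A sorts strictly before B.
# Relies on `sort -V` (version sort, assumed available), so 2.9.9 < 2.9.10
# and 2.10.0 > 2.9.10; a plain string comparison gets both of those wrong.
version_lt() {
  [ "$1" = "$2" ] && return 1
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# postx_status VERSION: print "vulnerable" or "patched".
postx_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo patched
  fi
}

# header_version: read a WordPress plugin header on stdin and print the value
# of its "Version:" line (the same value the Plugins screen displays).
header_version() {
  sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Constructed sample header, shaped like wp-content/plugins/<slug>/<main>.php.
SAMPLE_HEADER='<?php
/**
 * Plugin Name: PostX - Gutenberg Post Grid Blocks
 * Version: 2.9.9
 * Author: (sample)
 */'

# check_header: parse the header on stdin and print e.g. "2.9.9: vulnerable".
check_header() {
  v=$(header_version)
  printf '%s: %s\n' "$v" "$(postx_status "$v")"
}

# Stand-alone run on the constructed sample. On a real host, feed wp-cli instead:
#   postx_status "$(wp plugin get ultimate-post --field=version)"
# and, if the answer is "vulnerable":  wp plugin update ultimate-post
printf '%s\n' "$SAMPLE_HEADER" | check_header
```

The version-sort step matters more than it looks: the fixed release 2.9.10 compares below 2.9.9 as a plain string, so a naive check would report a patched site as vulnerable and, worse, a 2.9.9 site as patched.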

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests whose query string contains script tags, javascript: URLs, event-handler attributes (onerror=, onload=), or their percent-encoded forms (%3Cscript, javascript%3A), including mixed-case and double-encoded (%253C) variants
  • Referer headers pointing at unfamiliar external sites on requests that carry such parameters, which is what victims arriving from a phishing page look like

Network Indicators:

  • Requests to the WordPress site with URL parameters containing <script>, javascript:, or percent-encoded HTML metacharacters, particularly from a single source against many distinct hosts or pages

SIEM Query:

http.uri:*<script* OR http.uri:*%3Cscript* OR http.uri:*%3cscript* OR http.uri:*javascript:* OR http.uri:*javascript%3A* OR http.uri:*onerror%3D*

Scope the query by your WordPress host rather than by a "postx" substring in the URL: the plugin's slug is ultimate-post and this page does not identify the vulnerable endpoint or parameter, so a *postx* filter would discard the requests you are looking for. Wildcard matching also misses case variants and double encoding, which is why the encoded spellings are listed explicitly.
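The wildcard query only catches the spellings it lists. The following is an added example, not from the advisory or any SIEM vendor: it scans access-log lines, percent-decodes the request URL twice to unwrap double encoding, and matches the indicators case-insensitively. The log lines are constructed samples in Apache combined format, and the decoder is POSIX awk so it runs without bash-specific escapes.

```shell
#!/bin/sh
# Added example (not from the advisory): scan web-server access-log lines for
# reflected-XSS indicators in the request URL. A literal "<script" match misses
# "%3cscript" and "%253Cscript"; this decodes the URL (twice, for double
# encoding) and then matches case-insensitively.
# The log lines below are constructed samples in Apache combined format.

# urldecode: replace every %XX on stdin with the byte it encodes.
# Pure POSIX awk: the hex digit is looked up in a table instead of using \x escapes.
urldecode() {
  awk '
  BEGIN { hex = "0123456789abcdef" }
  {
    s = $0; out = ""
    while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
      out = out substr(s, 1, RSTART - 1)
      h = tolower(substr(s, RSTART + 1, 2))
      n = (index(hex, substr(h, 1, 1)) - 1) * 16 + index(hex, substr(h, 2, 1)) - 1
      out = out sprintf("%c", n)
      s = substr(s, RSTART + RLENGTH)
    }
    print out s
  }'
}

# Indicators checked against the decoded URL (extended regex, used with grep -i).
# The "(^|[^a-z])" guard stops "action=" from matching as an "on...=" handler.
XSS_PATTERN='<script|</script|javascript:|(^|[^a-z])on(error|load|mouseover|focus|click)[[:space:]]*=|<svg|<iframe'

# request_url: pull the URL out of a combined-format line ("GET /path HTTP/1.1").
request_url() {
  awk -F'"' '{ split($2, r, " "); print r[2] }'
}

# scan_access_log: print every input line whose decoded URL carries an indicator.
scan_access_log() {
  while IFS= read -r line; do
    url=$(printf '%s\n' "$line" | request_url)
    decoded=$(printf '%s\n' "$url" | urldecode | urldecode)
    if printf '%s\n' "$decoded" | grep -qiE "$XSS_PATTERN"; then
      printf '%s\n' "$line"
    fi
  done
}

# count_hits: number of flagged lines on stdin (for a test or an alert threshold).
count_hits() {
  scan_access_log | awk 'END { print NR }'
}

# Constructed sample log: a benign search, a benign admin-ajax call that contains
# "action=", and three crafted requests (raw, percent-encoded, double-encoded).
SAMPLE_LOG='203.0.113.5 - - [01/Jul/2023:10:00:01 +0000] "GET /?s=gutenberg+grid HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jul/2023:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jul/2023:10:01:13 +0000] "GET /?q=<script>alert(1)</script> HTTP/1.1" 200 5120 "http://phish.example/" "Mozilla/5.0"
198.51.100.7 - - [01/Jul/2023:10:01:14 +0000] "GET /?q=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1" 200 5120 "http://phish.example/" "Mozilla/5.0"
198.51.100.7 - - [01/Jul/2023:10:01:15 +0000] "GET /?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5120 "http://phish.example/" "Mozilla/5.0"'

# Stand-alone run; on a real host:  scan_access_log < /var/log/apache2/access.log
printf '%s\n' "$SAMPLE_LOG" | scan_access_log
```

The third crafted line is the one a single-pass query misses: after one decode it is still `%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E`, and only the second decode exposes the `onerror=` handler. Treat the output as a triage list, not proof of compromise: a hit means someone sent a payload, and the referrer and source address tell you whether it was a scanner or a targeted link.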
