CVE-2024-13549
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into pages through the Accordion widget. The scripts execute whenever users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites running the All Bootstrap Blocks plugin up to and including version 1.3.26 are affected.
💻 Affected Systems
- All Bootstrap Blocks WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, redirect users to malicious sites, install backdoors, or completely compromise the WordPress site and potentially the underlying server.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies, display phishing content, or deface website pages.
If Mitigated
With proper user access controls and content security policies, impact is limited to isolated page defacement or temporary user redirection.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple. Public proof-of-concept exists in the WordPress plugin repository changeset.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.27 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3228370/all-bootstrap-blocks/trunk/blocks/accordion-item.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'All Bootstrap Blocks' and click 'Update Now'.
4. Verify the version is 1.3.27 or higher.
🔧 Temporary Workarounds
Disable Accordion Widget
Temporarily disable the vulnerable Accordion widget until patching is possible.
Edit WordPress theme functions.php and add: remove_action('init', 'register_accordion_widget');
Restrict User Roles
Temporarily remove Contributor role access until the patch is applied.
Use WordPress user management to downgrade Contributor users to Subscriber role
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Regularly audit user accounts and remove unnecessary Contributor-level access
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > All Bootstrap Blocks. If version is 1.3.26 or lower, you are vulnerable.
Check Version:
wp plugin list --name='all-bootstrap-blocks' --field=version
Verify Fix Applied:
After updating, verify plugin version shows 1.3.27 or higher in WordPress admin plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/post.php with accordion content
- Multiple page edits by Contributor users
- Script tags, inline event handlers or javascript: URIs in the post_content column of the wp_posts table
Network Indicators:
- External script loads from accordion content pages
- Suspicious outbound connections from accordion pages
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/post.php" AND method="POST" AND form_data CONTAINS "accordion")
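The wp_posts indicator above can be checked offline with the following scanner, which is an added example and not code from this page or from the plugin. It splits post_content into Gutenberg blocks, decodes each block's JSON attributes (where WordPress stores < and > as \u003c and \u003e, so a plain grep for "<script" misses them) and reports script tags, inline event handlers and javascript: URIs per block. The block name vendor/accordion-item and the sample rows are constructed placeholders, since the plugin's real block name is not given on the page.

```python
import json
import re
# Gutenberg block delimiters: <!-- wp:name {json} -->html<!-- /wp:name --> or <!-- wp:name {json} /-->
BLOCK_RE = re.compile(
    r'<!--\s*wp:([a-z0-9][a-z0-9/_-]*)\s*(\{.*?\})?\s*(?:/-->|-->(.*?)<!--\s*/wp:\1\s*-->)',
    re.DOTALL)

# Markers of stored script injection, checked in block HTML and in decoded attributes.
INDICATORS = {
    "script_tag": re.compile(r'<\s*script\b', re.I),
    "event_handler": re.compile(r'[\s"\'/]on[a-z]+\s*=', re.I),
    "javascript_uri": re.compile(r'javascript\s*:', re.I),
}

def _strings(value):  # every string nested anywhere inside decoded JSON attributes
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for v in (value.values() if isinstance(value, dict) else value):
            yield from _strings(v)

def scan_post(post_id, author_id, content):
    """Return one finding per (block, indicator) present in one post_content value."""
    findings = []
    for m in BLOCK_RE.finditer(content):
        name, raw_attrs, html = m.group(1), m.group(2), m.group(3) or ""
        texts = [("html", html)]
        if raw_attrs:  # WordPress writes < > & as \u003c \u003e \u0026 here, so decode first
            try:
                texts += [("attrs", s) for s in _strings(json.loads(raw_attrs))]
            except ValueError:
                texts.append(("attrs", raw_attrs))  # malformed JSON: scan it verbatim
        for label, pat in INDICATORS.items():
            where = sorted({loc for loc, text in texts if pat.search(text)})
            if where:
                findings.append({"post_id": post_id, "author_id": author_id,
                                 "block": name, "indicator": label, "where": where})
    return findings

def scan_posts(rows):  # rows: (ID, post_author, post_content) tuples as read from wp_posts
    return [f for row in rows for f in scan_post(*row)]

# Constructed sample rows; "vendor/accordion-item" is a placeholder, not the plugin's real block name.
SAMPLE_ROWS = [
    (101, 7, '<!-- wp:paragraph --><p>Plain paragraph.</p><!-- /wp:paragraph -->'),
    (102, 9, '<!-- wp:vendor/accordion-item {"title":"Shipping"} --><div class="accordion-item">'
             '<p>Ships in 3 days.</p></div><!-- /wp:vendor/accordion-item -->'),
    (103, 9, r'<!-- wp:vendor/accordion-item {"title":"\u003cimg src=x onerror=alert(1)\u003e"} -->'
             '<script src="https://example.invalid/a.js"></script><!-- /wp:vendor/accordion-item -->'),
]
```

Feed it the output of a `SELECT ID, post_author, post_content FROM wp_posts` export (or `wp post list` with those fields) and review every flagged post, paying attention to authors holding the Contributor role.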