CVE-2024-13732
📋 TL;DR
This stored XSS vulnerability in the Responsive Blocks WordPress plugin allows authenticated attackers with Contributor access or higher to inject malicious scripts into website pages. When users visit compromised pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Responsive Blocks – WordPress Gutenberg Blocks
📦 What is this software?
Responsive Blocks by Cyberchimps
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect visitors to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal visitor session cookies or credentials, potentially compromising user accounts.
If Mitigated
With proper user access controls and content security policies, impact is limited to isolated script execution without data exfiltration.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once attacker has Contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.0
Vendor Advisory: https://wordpress.org/plugins/responsive-block-editor-addons/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Responsive Blocks – WordPress Gutenberg Blocks'. 4. Click 'Update Now' if available, or download version 1.10.0+ from WordPress repository. 5. Activate updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Responsive Blocks plugin until patched
wp plugin deactivate responsive-block-editor-addons
Restrict user roles
allTemporarily remove Contributor role access or limit to trusted users only
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Regularly audit user accounts and remove unnecessary Contributor-level access
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Responsive Blocks – WordPress Gutenberg Blocks' version 1.9.9 or lowerCheck Version:
wp plugin get responsive-block-editor-addons --field=versionVerify Fix Applied:
Confirm plugin version is 1.10.0 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to post-carousel endpoints with script tags in parameters
- Multiple failed login attempts followed by successful Contributor login
Network Indicators:
- Outbound connections to unknown domains from WordPress pages
- Unexpected script tags in page responses
SIEM Query:
source="wordpress.log" AND ("section_tag" AND ("script" OR "javascript:" OR "onerror="))🔗 References
- https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/src/blocks/post-carousel/index.php#L643
- https://plugins.trac.wordpress.org/changeset/3231017/
- https://wordpress.org/plugins/responsive-block-editor-addons
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0e5c85-72c3-4f09-aade-ec5a82b9cc41?source=cve
