CVE-2024-1988
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into website pages via the 'tag' attribute in blocks. The scripts are stored and execute whenever users visit the compromised pages, enabling attackers to steal session cookies, redirect users, or perform other malicious actions. All WordPress sites using the affected Combo Blocks plugin versions are vulnerable.
💻 Affected Systems
- Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress
📦 What is this software?
Post Grid by Pickplugins
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over the WordPress site, install backdoors, deface the site, or redirect visitors to malicious sites for credential theft or malware distribution.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies, potentially compromising user accounts and enabling further site manipulation.
If Mitigated
With proper user access controls and content review processes, the risk is limited to script injection that can be detected and removed before causing significant harm.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once an attacker has contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.81
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3084503/post-grid/tags/2.2.81/includes/blocks/accordion-nested-item/index.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Combo Blocks' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.2.81 from the WordPress repository and update manually.
🔧 Temporary Workarounds
Remove Contributor Access
Temporarily remove contributor-level access for untrusted users until patching is complete.
Disable Plugin
Temporarily disable the Combo Blocks plugin if it is not essential for site functionality.
🧯 If You Can't Patch
- Implement strict user access controls and review all content from contributors before publishing
- Deploy a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Combo Blocks version. If version is 2.2.80 or lower, you are vulnerable.
Check Version:
wp plugin list --name=post-grid --field=version
(The plugin's directory slug is post-grid, as in the changeset URL above; 'Combo Blocks' is only part of its display title, so filtering on combo-blocks returns nothing.)
Verify Fix Applied:
After updating, verify the plugin version shows 2.2.81 or higher in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- Unusual content modifications by contributor-level users
- Suspicious script tags in post/page content
Network Indicators:
- Unexpected external script loads from WordPress pages
- Suspicious redirects from legitimate pages
SIEM Query:
source="wordpress" AND (event="post_modified" OR event="plugin_updated") AND plugin="combo-blocks"
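As an added example for the log indicators above (not part of the original advisory, and not the plugin's code), the following Python script scans exported post content for blocks whose stored 'tag' attribute is not a plain allowlisted element name, and for script markup in contributor content. The block namespace, the allowlist and the sample records are assumptions constructed for the example.

```python
import json
import re

# Gutenberg serialises a block as an HTML comment carrying its attributes as
# JSON: <!-- wp:ns/name {"tag":"div"} --> ... <!-- /wp:ns/name -->
BLOCK_OPEN = re.compile(r"<!--\s+wp:([a-z0-9-]+/[a-z0-9-]+)\s*(\{.*?\})?\s*/?-->", re.DOTALL)

# Wrapper elements a layout block legitimately needs (assumed allowlist for
# this example, not the plugin's own; extend it to match your blocks).
ALLOWED_TAGS = {"div", "section", "article", "aside", "p", "span", "ul", "ol", "li", "h2", "h3", "h4"}

# Markup a contributor's stored content should not contain (heuristic).
SCRIPT_MARKERS = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def suspicious_tag_attributes(post_content):
    """Yield (block_name, tag) for blocks whose 'tag' attribute is not an allowlisted element."""
    for match in BLOCK_OPEN.finditer(post_content):
        block_name, raw_attrs = match.group(1), match.group(2)
        if not raw_attrs:
            continue
        try:
            attrs = json.loads(raw_attrs)
        except json.JSONDecodeError:
            yield block_name, raw_attrs  # editor-saved attribute JSON always parses
            continue
        tag = attrs.get("tag")
        if isinstance(tag, str) and tag.strip().lower() not in ALLOWED_TAGS:
            yield block_name, tag


def scan_posts(posts):
    """posts: records from `wp post list --fields=ID,post_author,post_content --format=json`.
    Returns (post ID, author ID, reason) tuples for manual review."""
    findings = []
    for post in posts:
        content = post.get("post_content", "")
        for block_name, tag in suspicious_tag_attributes(content):
            findings.append((post["ID"], post["post_author"],
                             f"block {block_name} has non-allowlisted tag attribute {tag!r}"))
        if SCRIPT_MARKERS.search(content):
            findings.append((post["ID"], post["post_author"], "content contains script markup"))
    return findings


# Constructed sample in the shape of the wp-cli export above (not real site data).
SAMPLE_POSTS = [
    {"ID": 12, "post_author": "4", "post_content": '<!-- wp:example/accordion-nested-item {"tag":"section"} --><p>FAQ</p><!-- /wp:example/accordion-nested-item -->'},
    {"ID": 13, "post_author": "7", "post_content": '<!-- wp:example/accordion-nested-item {"tag":"script"} --><p>FAQ</p><!-- /wp:example/accordion-nested-item -->'},
    {"ID": 14, "post_author": "7", "post_content": '<p>Hello</p><script src="https://cdn.example.invalid/t.js"></script>'},
]
```

Pipe the real export into `scan_posts` and cross-check each flagged post's author against the Contributor role; posts 13 and 14 in the sample are the ones that would surface.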
🔗 References
- https://plugins.trac.wordpress.org/changeset/3084503/post-grid/tags/2.2.81/includes/blocks/accordion-nested-item/index.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=cve