CVE-2024-2273
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages built with the Kadence Blocks plugin (a stored cross-site scripting issue). The injected scripts are saved with the page content and execute in the browser of every user who views the compromised page, so all visitors to the vulnerable WordPress site are potentially affected.
💻 Affected Systems
- Gutenberg Blocks by Kadence Blocks – Page Builder Features WordPress plugin (versions before 3.2.35)
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers with contributor access inject malicious scripts to steal user data, display unwanted content, or redirect visitors to phishing sites.
If Mitigated
With proper user access controls and content security policies, impact is limited to defacement or minor data leakage from affected pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker holds contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.35 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3075158%40kadence-blocks%2Ftrunk&old=3068562%40kadence-blocks%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Kadence Blocks' and click 'Update Now'.
4. Verify the plugin version is 3.2.35 or higher.
🔧 Temporary Workarounds
Restrict User Permissions
Temporarily restrict contributor-level access or implement additional content review workflows so that contributor-authored content is checked before it is published.
Implement Content Security Policy
Add CSP headers to restrict the sources from which scripts may execute.
Add to .htaccess (requires Apache mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add near the top of wp-config.php (it is PHP and runs before any output is sent): header("Content-Security-Policy: default-src 'self'; script-src 'self'");
Note that this policy also blocks inline scripts and third-party script sources that WordPress themes and plugins commonly rely on, so roll it out in Content-Security-Policy-Report-Only mode first and check the reports before enforcing it.
🧯 If You Can't Patch
- Disable Kadence Blocks plugin temporarily
- Implement strict user access controls and audit contributor accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Kadence Blocks version
Check Version:
wp plugin list --name=kadence-blocks --field=version
Verify Fix Applied:
Verify plugin version is 3.2.35 or higher in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- Unusual content modifications by contributor users
- Multiple page edits in short timeframes
- Script tags in post content from unexpected users
Network Indicators:
- Unexpected external script loads from WordPress pages
- Suspicious redirects from legitimate pages
SIEM Query:
source="wordpress" (event="post_modified" OR event="plugin_updated") plugin="kadence-blocks" version<="3.2.34"
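The two checks this advisory describes, the version comparison under How to Verify and the log indicators above (script tags in content saved by unexpected users, bursts of edits from one account), as a runnable example. This is added code, not from the advisory, the plugin or Wordfence. It assumes post revisions are available as records with author, role, timestamp and content (for instance exported from the wp_posts table joined with user roles, or from an activity-log plugin); the trusted-role set, pattern names and the sample revisions are constructed for the example.

```python
import re
from dataclasses import dataclass
from collections import defaultdict

# Patched release taken from the advisory (3.2.35 or later); anything lower is affected.
FIXED_VERSION = (3, 2, 35)

# Assumption: only these roles may legitimately store unfiltered HTML
# (on single-site WordPress the unfiltered_html capability goes to administrators and editors).
TRUSTED_ROLES = {"administrator", "editor"}

# Markup that should not appear in content saved by a lower-privileged author.
SCRIPT_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),                 # inline or external <script>
    "event_handler": re.compile(r"<[^>]*\son[a-z]+\s*=", re.I),      # onload=, onerror=, ... inside a tag
    "javascript_url": re.compile(r"""(?:href|src)\s*=\s*["']?\s*javascript\s*:""", re.I),
}


def parse_version(version: str) -> tuple:
    """'3.2.34' -> (3, 2, 34); pre-release/build suffixes such as '-beta' are ignored."""
    core = re.split(r"[-+]", version.strip(), maxsplit=1)[0]
    parts = []
    for piece in core.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True when the installed Kadence Blocks version is below the patched 3.2.35."""
    return parse_version(version) < FIXED_VERSION


@dataclass
class PostRevision:
    post_id: int
    author: str
    role: str
    timestamp: int   # Unix epoch seconds
    content: str


def find_script_injections(revisions, trusted_roles=TRUSTED_ROLES):
    """Revisions by non-trusted authors whose stored content carries script-bearing markup.

    Returns a list of (post_id, author, pattern_name), one entry per flagged revision."""
    hits = []
    for rev in revisions:
        if rev.role in trusted_roles:
            continue
        for name, pattern in SCRIPT_PATTERNS.items():
            if pattern.search(rev.content):
                hits.append((rev.post_id, rev.author, name))
                break
    return hits


def find_edit_bursts(revisions, window_seconds=300, threshold=5):
    """Authors who saved `threshold` or more revisions inside any `window_seconds` span.

    Returns {author: largest number of revisions seen in one window}."""
    by_author = defaultdict(list)
    for rev in revisions:
        by_author[rev.author].append(rev.timestamp)
    bursts = {}
    for author, times in by_author.items():
        times.sort()
        start = 0
        best = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[author] = best
    return bursts


# Constructed sample revisions (not real site data).
SAMPLE_REVISIONS = [
    PostRevision(101, "alice", "editor", 1_700_000_000, '<p>Notes</p><script src="/wp-includes/js/a.js"></script>'),
    PostRevision(102, "bob", "contributor", 1_700_000_100, '<p>Hi</p><script src="https://cdn.example.invalid/t.js"></script>'),
    PostRevision(103, "carol", "contributor", 1_700_000_200, '<p>Plain post about gardening.</p>'),
    PostRevision(104, "dave", "contributor", 1_700_000_300, '<img src="x" onerror="console.log(1)">'),
    PostRevision(105, "bob", "contributor", 1_700_000_130, '<a href="javascript:void(0)">go</a>'),
    PostRevision(106, "bob", "contributor", 1_700_000_160, '<p>third edit</p>'),
]

if __name__ == "__main__":
    print("3.2.34 vulnerable:", is_vulnerable_version("3.2.34"))   # True
    print("3.2.35 vulnerable:", is_vulnerable_version("3.2.35"))   # False
    for hit in find_script_injections(SAMPLE_REVISIONS):
        print("script injection:", hit)
    print("edit bursts:", find_edit_bursts(SAMPLE_REVISIONS, window_seconds=120, threshold=3))
```

The regexes are deliberately broad (any script tag, any event-handler attribute, any javascript: URL) because the goal is triage, not exact parsing; the role filter is what keeps noise down, since editors and administrators are expected to save such markup on many sites. Tune the burst window and threshold to the site's normal editing rhythm before alerting on them.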
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3075158%40kadence-blocks%2Ftrunk&old=3068562%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=cve