CVE-2024-23500

7.7 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks lets an attacker make the WordPress server issue HTTP requests to attacker-chosen destinations, including internal systems and cloud metadata endpoints that the attacker cannot reach directly. It affects WordPress sites running the Kadence Blocks plugin in any version up to and including 3.2.19.

💻 Affected Systems

Products:
  • Kadence WP Gutenberg Blocks (Kadence Blocks)
Versions: All versions up to and including 3.2.19
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Kadence Blocks plugin installed and activated.

📦 What is this software?

Kadence Blocks is a WordPress plugin from Kadence WP that adds a library of custom blocks (layout rows, advanced text, buttons, forms and similar) to the Gutenberg block editor. It runs inside WordPress, so any request it issues on the server side originates from the web server itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, perform port scanning, or chain with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Information disclosure from internal services, scanning of internal networks, or making requests to cloud metadata services to obtain credentials.

🟢 If Mitigated

Limited impact if network segmentation restricts internal access and external requests are filtered.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal WordPress installations could still be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

No unauthenticated path is reported, so exploitation requires an authenticated WordPress account that can reach the affected plugin functionality; once that is available, triggering the request is low-complexity, as SSRF issues usually are.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.20 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/kadence-blocks/wordpress-kadence-blocks-plugin-3-2-19-server-side-request-forgery-ssrf-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Kadence Blocks' and click 'Update Now'.
4. Alternatively, download version 3.2.20 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable vulnerable functionality

Platform: all

Identify and disable the specific Kadence Blocks feature that performs server-side fetches if it is not essential to the site; if it cannot be isolated, deactivate the plugin until the update is applied.

Network restrictions

Platform: linux

Implement outbound firewall rules that stop the web server process from reaching internal services and the cloud metadata endpoint. A blanket drop of all outbound TCP/80 and TCP/443 also blocks WordPress core, theme and plugin update checks (including the update to 3.2.20) and does nothing for an SSRF aimed at a non-web port, so match on destination network and on the web server's uid instead. www-data is the Debian/Ubuntu default web server user; adjust it for your PHP-FPM pool user. Loopback is deliberately left open because WordPress often reaches its database on 127.0.0.1.

# Scope to the web server user and to internal/metadata destinations rather than to ports 80/443
iptables -A OUTPUT -m owner --uid-owner www-data -d 169.254.169.254 -j DROP
iptables -A OUTPUT -m owner --uid-owner www-data -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 -j DROP

🧯 If You Can't Patch

  • Deactivate the Kadence Blocks plugin completely until it can be updated
  • Add web application firewall (WAF) rules that block requests whose parameters carry URLs pointing at loopback, RFC 1918, link-local or cloud metadata addresses, including their decimal (2130706433) and hex (0x7f000001) spellings

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for Kadence Blocks version. If version is 3.2.19 or lower, you are vulnerable.

Check Version:

wp plugin list --name=kadence-blocks --field=version (if WP-CLI installed)

Verify Fix Applied:

After updating, verify Kadence Blocks version shows 3.2.20 or higher in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from WordPress server
  • Requests to internal IP addresses or localhost
  • Multiple rapid requests to different endpoints

Network Indicators:

  • WordPress server making unexpected outbound connections
  • Requests to cloud metadata services (169.254.169.254)
  • Port scanning patterns from WordPress server

SIEM Query:

source="wordpress.logs" AND (url CONTAINS "localhost" OR url CONTAINS "127.0.0.1" OR url CONTAINS "169.254.169.254" OR url CONTAINS "internal")

Two caveats on this pseudo-query: the substring "internal" also matches ordinary page slugs, so expect noise, and attackers routinely write loopback as 2130706433 or 0x7f000001, which the literal matches miss. Requests the server makes do not appear in its own access log; to see them you need an egress proxy, host firewall or flow logs in front of the WordPress host.
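The indicators above, carried through as detection logic. This is an added example written for this page, not code from the advisory or from the Kadence project: it classifies SSRF targets (loopback, RFC 1918, link-local, cloud metadata) from two vantage points, inbound access-log lines whose query string carries a URL parameter, and egress records of the WordPress host, and it goes one step beyond the SIEM query by also recognising decimal and hex IP spellings. All log lines are constructed samples; the admin-ajax action and `url` parameter are hypothetical placeholders, not Kadence's, and `www-data` is an assumed web server user.

```python
"""Added example: flag SSRF-style activity in constructed log lines.

Endpoint, action and parameter names are placeholders, not Kadence's.
"""
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlparse

METADATA_IP = ipaddress.ip_address("169.254.169.254")
NAMED_TARGETS = {"localhost": "loopback", "metadata.google.internal": "metadata"}

# Constructed access-log lines (combined log format); action/url are made-up names.
INBOUND_LOG = [
    '203.0.113.7 - - [01/Feb/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_fetch&url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Feb/2024:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_fetch&url=http%3A%2F%2F2130706433%2Fserver-status HTTP/1.1" 200 4096',
    '198.51.100.9 - - [01/Feb/2024:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=example_fetch&url=https://example.com/feed.xml HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Feb/2024:10:00:04 +0000] "GET /blog/internal-audit-report/ HTTP/1.1" 200 8192',
]

# Constructed egress records, as a host firewall or flow exporter might emit them.
EGRESS_LOG = [
    "2024-02-01T10:00:02Z uid=www-data src=10.0.5.20 dst=169.254.169.254 dport=80 proto=tcp",
    "2024-02-01T10:00:03Z uid=www-data src=10.0.5.20 dst=10.0.5.30 dport=6379 proto=tcp",
    "2024-02-01T10:00:03Z uid=www-data src=10.0.5.20 dst=10.0.5.30 dport=5432 proto=tcp",
    "2024-02-01T10:00:04Z uid=www-data src=10.0.5.20 dst=10.0.5.30 dport=9200 proto=tcp",
    "2024-02-01T10:00:05Z uid=www-data src=10.0.5.20 dst=93.184.216.34 dport=443 proto=tcp",
]

ACCESS_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
KV_RE = re.compile(r"(\w+)=(\S+)")


def host_to_ip(host):
    """Parse dotted, plain-decimal (2130706433) or hex (0x7f000001) IPv4 spellings.
    Returns None for hostnames; octal and mixed notations are not handled."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        if host.lower().startswith("0x"):
            n = int(host, 16)
        elif host.isdigit():
            n = int(host)
        else:
            return None
    except ValueError:
        return None
    return ipaddress.ip_address(n) if 0 <= n <= 0xFFFFFFFF else None


def classify(host):
    """Return why a host is a suspicious SSRF target, or None if it looks public."""
    named = NAMED_TARGETS.get(host.lower())
    if named:
        return named
    ip = host_to_ip(host)
    if ip is None:
        return None  # unresolved hostname: resolver logs are needed to catch DNS rebinding
    if ip == METADATA_IP:
        return "metadata"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return None


def scan_inbound(line):
    """Return (param, host, reason) for each URL-valued query parameter aimed at an internal host."""
    match = ACCESS_RE.search(line)
    if not match:
        return []
    hits = []
    query = urlparse(match.group(1)).query
    for param, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            # parse_qs decodes once; a second unquote catches double-encoded payloads
            target = urlparse(unquote(value))
            if target.scheme in ("http", "https") and target.hostname:
                reason = classify(target.hostname)
                if reason:
                    hits.append((param, target.hostname, reason))
    return hits


def scan_egress(lines, burst_threshold=3):
    """Flag outbound records to internal/metadata hosts; report a burst (scan-like
    behaviour) when burst_threshold or more distinct internal dst:port pairs are touched."""
    findings, pairs = [], set()
    for line in lines:
        fields = dict(KV_RE.findall(line))
        dst, dport = fields.get("dst", ""), fields.get("dport")
        reason = classify(dst)
        if reason:
            findings.append((dst, dport, reason))
            pairs.add((dst, dport))
    return findings, len(pairs) >= burst_threshold
```

Run `scan_inbound` over each access-log line and `scan_egress` over the egress records; the fourth inbound line, whose slug contains the word "internal", is correctly ignored because it carries no URL parameter, and the second is caught even though the loopback address is written as a decimal integer.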
