CVE-2024-5819 – This vulnerability allows authenticated WordPre... (How to Fix)

Q: What is the severity of CVE-2024-5819?

CVE-2024-5819 has a CVSS score of 6.4 (MEDIUM). This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the Kadence Blocks plugin. The scripts execute when other users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using vulnerable versions of Kadence Blocks are affected.

📋 TL;DR

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the Kadence Blocks plugin. The scripts execute when other users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using vulnerable versions of Kadence Blocks are affected.

💻 Affected Systems

Products:

Kadence Blocks - Gutenberg Blocks for Page Builder Features

Versions: All versions up to and including 3.2.45

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Kadence Blocks plugin enabled. Contributor-level access or higher needed for exploitation.

📦 What is this software?

Gutenberg Blocks With Ai by Kadencewp

View all CVEs affecting Gutenberg Blocks With Ai →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, install backdoors, redirect users to malicious sites, or completely compromise the WordPress site and potentially the server.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies, redirect visitors to phishing pages, or deface website content.

🟢

If Mitigated

With proper user role management and content review processes, impact is limited to potential defacement of specific pages.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple once authenticated. DOM-based XSS via HTML data attributes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.46 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3108332/kadence-blocks

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Kadence Blocks' and click 'Update Now'. 4. Verify version is 3.2.46 or higher.

🔧 Temporary Workarounds

Restrict User Roles

all

Temporarily restrict contributor-level access or implement content approval workflows

Disable Plugin

linux

Temporarily disable Kadence Blocks plugin until patched

wp plugin deactivate kadence-blocks

🧯 If You Can't Patch

Implement strict content review process for all contributor submissions
Add Content Security Policy headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins → Kadence Blocks version

Check Version:

wp plugin get kadence-blocks --field=version

Verify Fix Applied:

Verify Kadence Blocks version is 3.2.46 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual content modifications by contributor-level users
Multiple page edits in short timeframes

Network Indicators:

Unexpected script tags in page responses
Suspicious outbound connections from user browsers

SIEM Query:

source="wordpress.log" AND ("kadence-blocks" OR "contributor") AND ("edit" OR "update")

📊 Metadata

CVE ID: CVE-2024-5819

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: June 29, 2024

Last Updated: February 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5819, you might also want to check these: