CVE-2024-1815 - Stored XSS in the Spectra – WordPress Gutenberg Blocks Plugin

CVE-2024-1815 is a serious security vulnerability that affects the popular WordPress plugin "Spectra – WordPress Gutenberg Blocks" (formerly known as Ultimate Addons for Gutenberg). The bug leaves all versions up to and including 2.12.8 exposed to stored Cross-Site Scripting (XSS) attacks via the plugin’s Image Gallery block. If exploited, this allows an authenticated user with contributor-level access or higher to inject malicious JavaScript, which runs when site visitors view an infected page.

Vulnerability Details

- Plugin: Spectra – WordPress Gutenberg Blocks

Attack Vector: Authenticated (requires login, contributor role or higher)

- Root Cause: Lack of proper sanitization and escaping on user-supplied input in the Image Gallery block attributes.

What does this mean?

If a malicious user with sufficient permissions adds a specially crafted image gallery block, they can inject JavaScript into your site. When another user (like an admin) visits that page, the malicious script runs in their browser, potentially stealing cookies, hijacking accounts, or performing unauthorized actions.

Attacker logs in as a contributor or higher role.

2. Creates or edits a post and inserts an Image Gallery block, injecting malicious code into the block’s attributes.

Code Example

Here’s a simplified proof-of-concept. The vulnerable block’s HTML might end up like this after the attacker edits it:

<!-- wp:uagb/image-gallery {"ids":[1,2],"customClassName":""><script>alert('XSS');//"} /-->

Inject your script into the customClassName (or other attribute that gets printed unsanitized)

<!-- wp:uagb/image-gallery {"ids":[1,2],"customClassName":"\"><img src=x onerror=alert('XSS')>"} /-->

3. Save and preview the post. When a privileged user views it, their browser will pop up an alert box. In real-world attacks, this could be replaced by more damaging JavaScript.

*Remember:* The vulnerable plugin outputs user input directly into the HTML with no escaping, allowing the script to execute.

1. Update the Plugin

Fix Status: The Spectra plugin authors have released a patch.
Upgrade as soon as possible to version 2.13. or later.

2. Limit User Roles

Only provide contributor/publisher access to trusted users, especially while your site is vulnerable.

3. Audit Posts and Users

Check for suspicious code in post contents and review user accounts for unexpected changes.

4. Use Security Plugins

Activate a Web Application Firewall (WAF) or use security plugins that detect or block XSS attacks.

References

- Wordfence Advisory
- NVD CVE-2024-1815 Entry
- Spectra Plugin on WordPress.org
- UAG Changelog

Final Thoughts

If you use the Spectra – WordPress Gutenberg Blocks plugin, this vulnerability (CVE-2024-1815) is a wake-up call. Attackers with relatively low privileges could compromise your site. Make sure to update immediately, review your users and content, and keep your plugins secure.

Timeline

Published on: 05/23/2024 11:15:23 UTC
Last modified on: 06/04/2024 18:00:46 UTC