CVE-2024-8760

The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3158674%40stackable-ultimate-gutenberg-blocks%2Ftrunk&old=3156448%40stackable-ultimate-gutenberg-blocks%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-12 09:15

Updated : 2024-10-15 12:57

NVD link : CVE-2024-8760

Mitre link : CVE-2024-8760

CVE.ORG link : CVE-2024-8760

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-8760", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-12T09:15:02.677", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3158674%40stackable-ultimate-gutenberg-blocks%2Ftrunk&old=3156448%40stackable-ultimate-gutenberg-blocks%2Ftrunk&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users."}, {"lang": "es", "value": "El complemento Stackable \u2013 Page Builder Gutenberg Blocks para WordPress es vulnerable a la inyecci\u00f3n de CSS en todas las versiones hasta la 3.13.6 incluida. Esto permite que atacantes no autenticados incorporen informaci\u00f3n de estilo no confiable en los comentarios, lo que genera la posibilidad de exfiltraci\u00f3n de datos, como nonces de administraci\u00f3n, con un impacto limitado. Estos nonces podr\u00edan usarse para realizar ataques CSRF dentro de un per\u00edodo de tiempo limitado. La presencia de otros complementos puede hacer que haya nonces adicionales disponibles, lo que puede representar un riesgo en complementos que no realizan verificaciones de capacidad para proteger acciones AJAX u otras acciones a las que puedan acceder usuarios con menos privilegios."}], "lastModified": "2024-10-15T12:57:46.880", "sourceIdentifier": "security@wordfence.com"}