CVE-2024-3189 in Gutenberg Blocks Plugin
Summary
by MITRE • 05/15/2024
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 03/30/2025
The vulnerability identified as CVE-2024-3189 affects the Kadence Blocks plugin for WordPress, specifically targeting several core blocks including Testimonial, Progress Bar, Lottie Animations, Row Layout, Google Maps, and Advanced Gallery components. This represents a critical security flaw that undermines the integrity of WordPress sites relying on this popular page builder plugin. The vulnerability exists in all versions up to and including 3.2.37, making it a widespread concern for WordPress administrators who have not yet updated their installations. The flaw stems from inadequate input sanitization and insufficient output escaping mechanisms within the plugin's codebase, creating a persistent vector for malicious code injection that can compromise user sessions and site integrity.
The technical exploitation of this vulnerability occurs through stored cross-site scripting attacks that leverage the plugin's user-facing attributes. Attackers with contributor-level access or higher can manipulate the plugin's blocks by injecting malicious scripts into the attributes of these components. When other users view pages containing these compromised blocks, the injected scripts execute in their browsers, potentially leading to session hijacking, data theft, or further exploitation of the compromised systems. This vulnerability directly maps to CWE-79, which defines Cross-Site Scripting (XSS) as a weakness that allows attackers to inject client-side scripts into web applications. The stored nature of this XSS vulnerability means that the malicious code persists in the database and executes automatically whenever affected pages are loaded, making it particularly dangerous for content management systems where multiple users interact with shared content.
The operational impact of CVE-2024-3189 extends beyond simple script execution, creating potential pathways for more sophisticated attacks within WordPress environments. An attacker could exploit this vulnerability to steal administrator credentials, modify content, redirect users to malicious sites, or establish persistent backdoors within the compromised WordPress installations. The fact that this affects blocks commonly used in professional websites and business applications makes the attack surface particularly broad, as these components are frequently used to display critical information and interactive elements. Organizations relying on Kadence Blocks for their website functionality face significant risk of unauthorized access and potential data breaches, especially when contributors or authors have elevated privileges within their WordPress installations. The vulnerability also aligns with ATT&CK technique T1566.001, which describes the exploitation of web applications through the injection of malicious code into web pages viewed by other users.
Mitigation strategies for CVE-2024-3189 should prioritize immediate plugin updates to versions that address the identified XSS vulnerabilities. WordPress administrators should ensure that all users with contributor-level access or higher are properly vetted and that role-based access controls are strictly enforced to minimize the attack surface. Regular security audits of WordPress installations should include verification of plugin integrity and monitoring for unauthorized modifications to content. Organizations should implement additional security measures such as Content Security Policy headers, regular automated scanning for malicious code, and comprehensive user activity monitoring to detect potential exploitation attempts. The vulnerability also underscores the importance of maintaining updated security practices within WordPress ecosystems, including regular plugin updates, proper user privilege management, and implementing web application firewalls to detect and block malicious script injection attempts. Organizations should also consider implementing automated patch management systems to ensure rapid deployment of security updates across all WordPress installations.