A critical vulnerability in the ComboBlocks WordPress plugin (formerly Post Grid and Gutenberg Blocks) exposes over 40,000 websites to potential complete takeover by unauthenticated attackers. This vulnerability exists due to improper handling of user meta during the registration process, enabling privilege escalation. It affects versions 2.2.85 to 2.3.3 and has been addressed in version 2.3.4.

Overview

ComboBlocks, a plugin designed to enhance website design and functionality, was found to have a critical security flaw (CVE-2024-9636) that could allow unauthenticated attackers to register as administrators, granting them full control over the affected websites.

Technical Summary

Remediations

1. Update Plugin: Immediately update the ComboBlocks plugin to version 2.3.4 or later.
2. Review Administrative Accounts:

• Audit all user accounts with administrative privileges.
• Revoke any unauthorized access.

3. Enhance Security Posture:

• Enable multi-factor authentication (MFA) for all admin accounts.
• Restrict user permissions based on the principle of least privilege.
• Use a web application firewall (WAF) to filter and block malicious traffic.

4. Monitor and Log Activity:

• Activate detailed logging for user registration and privilege changes.
• Configure alerts for unusual activity, such as mass registrations or privilege escalations.

5. Implement Preventative Measures:

• Regularly update all plugins and themes.
• Backup the WordPress site frequently to ensure quick recovery in case of any compromise.

References

• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/post-grid/post-grid-and-gutenberg-blocks-2285-233-unauthenticated-privilege-escalation
• https://securityonline.info/cve-2024-9636-popular-wordpress-plugin-comboblocks-exposes-thousands-of-sites-to-complete-takeover/