Q: Is it fixed officially? (Patch/Mitigation)

✅ **Fixed**: YES. Update to version **2.1.1** or later. The vendor has released a patch addressing the missing capability check in the ActivePluginData.php file.

Q: What if no patch? (Workaround)

🚧 **No Patch?**: Disable the plugin immediately. Restrict access to the WordPress REST API endpoints via WAF or server config. Monitor for suspicious plugin installations.

Q: Is it urgent? (Priority Suggestion)

🔴 **Urgency**: CRITICAL. CVSS Score is **9.8 (Critical)**. Unauthenticated remote code execution potential. Patch immediately to prevent takeover.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: Unauthenticated Arbitrary File Upload & Plugin Installation.…

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **Root Cause**: Missing Capability Check (CWE-862). The `install_and_activate_plugin_from_external()` function lacks proper authorization validation, allowing anyone to trigger it.

Question 3

Who is affected? (Versions/Components)

Accepted Answer

📦 **Affected**: WordPress Plugin **GutenKit – Page Builder Blocks**. 📅 **Versions**: 2.1.0 and earlier. 🏢 **Vendor**: ataur.

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

💀 **Attacker Actions**: Install & activate arbitrary plugins. 📂 **Data Impact**: Full Read/Write/Execute access (CVSS High). Can execute arbitrary code on the server.

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

🔓 **Threshold**: LOW. ⚠️ **Auth**: Unauthenticated (No login needed). 🌐 **Network**: Remote (AV:N). 🎯 **Complexity**: Low (AC:L).

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

🔥 **Exploits**: YES. Multiple PoCs exist on GitHub (e.g., RandomRobbieBF, Nxploited). Automated scanning templates available via ProjectDiscovery Nuclei.

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Self-Check**: Scan for GutenKit plugin version <= 2.1.0. Check if the REST API endpoint `install-active-plugin` is accessible without auth. Use Nuclei templates for automated detection.

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

✅ **Fixed**: YES. Update to version **2.1.1** or later. The vendor has released a patch addressing the missing capability check in the ActivePluginData.php file.

Question 9

What if no patch? (Workaround)

Accepted Answer

🚧 **No Patch?**: Disable the plugin immediately. Restrict access to the WordPress REST API endpoints via WAF or server config. Monitor for suspicious plugin installations.

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🔴 **Urgency**: CRITICAL. CVSS Score is **9.8 (Critical)**. Unauthenticated remote code execution potential. Patch immediately to prevent takeover.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9234 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring