CVE-2021-24949

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the 'WP Search Filters' widget in The Plus Addons for Elementor Pro WordPress plugin. It affects WordPress sites using vulnerable plugin versions, potentially leading to data theft, modification, or complete site compromise. The SQL injection occurs due to unsanitized user input in the option parameter.

💻 Affected Systems

Products:
  • The Plus Addons for Elementor - Pro WordPress plugin
Versions: All versions before 5.0.7
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Pro version of the plugin with WP Search Filters widget enabled. Elementor page builder must be installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data exfiltration, privilege escalation, remote code execution via database functions, and full site takeover.

🟠 Likely Case

Data extraction from the WordPress database including user credentials, sensitive content, and plugin data, potentially leading to admin access.

🟢 If Mitigated

Limited impact with proper input validation and database user restrictions, possibly only data viewing without modification privileges.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via unsanitized GET/POST parameters. Public proof-of-concept available through WPScan and security researchers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.7 and later

Vendor Advisory: https://roadmap.theplusaddons.com/updates

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'The Plus Addons for Elementor - Pro'.
4. Click 'Update Now' if available, or download version 5.0.7+ from the vendor.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable WP Search Filters Widget (applies to: all)

Temporarily disable the vulnerable widget until patching is possible.

Navigate to Elementor > Settings > Advanced > Disable WP Search Filters widget

Web Application Firewall Rules (applies to: all)

Block SQL injection patterns targeting the option parameter.

Configure the WAF to block requests containing SQL keywords in the option parameter: SELECT, UNION, INSERT, UPDATE, DELETE, DROP, etc.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at application level
  • Restrict database user permissions to SELECT only for frontend operations

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in the WordPress admin under Plugins > Installed Plugins. If the version is below 5.0.7, the site is vulnerable.

Check Version:

wp plugin list --name='The Plus Addons for Elementor - Pro' --field=version

Verify Fix Applied:

Confirm the plugin version is 5.0.7 or higher, and check that the WP Search Filters widget still works without SQL errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries in WordPress debug logs
  • SQL syntax errors in web server logs
  • Multiple requests with SQL keywords in option parameter

Network Indicators:

  • HTTP requests containing SQL injection payloads in GET/POST parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND ("option=" AND ("SELECT" OR "UNION" OR "INSERT" OR "UPDATE" OR "DELETE"))
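The SIEM query above is a keyword match; as an added example (not part of this advisory), the following Python script applies the same idea to constructed web-server log lines, URL-decoding the option parameter twice and separating a bare keyword that could be a legitimate option name from an injection-shaped value. The log format and sample lines are assumptions for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote_plus

# SQL keywords named in this advisory's WAF guidance and SIEM query.
SQL_KEYWORDS = ("SELECT", "UNION", "INSERT", "UPDATE", "DELETE", "DROP")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Assumed common/combined access log format: client, method, target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})')

def option_values(target):
    """Return every decoded value of the 'option' query parameter in a request target."""
    qs = parse_qs(urlparse(target).query, keep_blank_values=True)
    # Decode twice so a double-percent-encoded value is still inspected.
    return [unquote_plus(unquote_plus(v)) for v in qs.get("option", [])]

def classify(value):
    """'strong': keyword plus other tokens (injection-shaped); 'weak': a bare keyword
    that may be a legitimate option name; None: no SQL keyword present."""
    hits = {k.upper() for k in KEYWORD_RE.findall(value)}
    if not hits:
        return None
    if len(hits) == 1 and re.fullmatch(r"\w+", value):
        return "weak"
    return "strong"

def flag_line(line, include_weak=False):
    """Return (client ip, level, keywords) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    for value in option_values(m.group("target")):
        level = classify(value)
        if level == "strong" or (level == "weak" and include_weak):
            return m.group("ip"), level, sorted({k.upper() for k in KEYWORD_RE.findall(value)})
    return None

def scan(lines, include_weak=False):
    return [r for r in (flag_line(l, include_weak) for l in lines) if r]

# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = [
    '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /?s=shoes&option=title HTTP/1.1" 200 512',
    '203.0.113.10 - - [10/Oct/2023:13:55:40 +0000] "GET /?s=shoes&option=select HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /?s=x&option=1%20UNION%20SELECT%201 HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /?s=x&option=1%2520union%2520select%25201 HTTP/1.1" 500 0',
    '192.0.2.5 - - [10/Oct/2023:13:57:00 +0000] "GET /?select=1&option=date HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, level, kws in scan(SAMPLE_LOGS, include_weak=True):
        print(f"{ip} [{level}] SQL keywords in option parameter: {', '.join(kws)}")
```

Keywords in other parameters (the select=1 line) are deliberately ignored, matching the advisory's focus on the option parameter; the weak tier shows why a bare keyword match alone, as in the SIEM query, will also catch legitimate values.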
