CVE-2021-4331
📋 TL;DR
The Plus Addons for Elementor WordPress plugin allows privilege escalation through its registration form functionality. Users with access to Elementor page builder (like contributors) can set the default user role to administrator during registration, potentially gaining administrative privileges. This affects WordPress sites using vulnerable versions of the plugin.
💻 Affected Systems
- Plus Addons for Elementor (WordPress plugin)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker with contributor access gains full administrative control over the WordPress site, allowing them to modify content, install malicious plugins/themes, access sensitive data, and potentially compromise the server.
Likely Case
A malicious contributor or author-level user elevates their privileges to administrator, gaining unauthorized administrative access to the WordPress dashboard and site functionality.
If Mitigated
With proper role-based access controls and monitoring, privilege escalation attempts are detected and prevented before successful exploitation.
🎯 Exploit Status
Exploitation requires authenticated access (contributor role or higher). The vulnerability is straightforward to exploit through the plugin's user interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Pro: 4.2.0+, Free: 2.0.7+
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'The Plus Addons for Elementor'.
4. Click 'Update Now' if available, or download the latest version from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Plus Addons for Elementor plugin until patched:
wp plugin deactivate the-plus-addons-for-elementor
Restrict Elementor access
Limit Elementor page builder access to trusted users only.
🧯 If You Can't Patch
- Remove contributor and author roles from untrusted users
- Implement strict monitoring of user role changes and registration activities
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for 'The Plus Addons for Elementor' version. Pro versions ≤4.1.9 or Free versions ≤2.0.6 are vulnerable.
Check Version:
wp plugin get the-plus-addons-for-elementor --field=version
Verify Fix Applied:
Verify plugin version is Pro ≥4.2.0 or Free ≥2.0.7. Test registration form role selection is restricted to administrators only.
📡 Detection & Monitoring
Log Indicators:
- Unexpected user role changes from contributor/author to administrator
- Multiple user registrations with administrative privileges
- Plugin activation/deactivation logs for Plus Addons
Network Indicators:
- Increased admin panel access from non-admin users
- Unusual POST requests to registration endpoints
SIEM Query:
source="wordpress" AND (event="user_role_change" OR event="user_registration") AND (new_role="administrator" OR old_role IN ("contributor","author"))
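The SIEM query above expressed as standalone detection logic, as an added example that is not part of the original advisory. It runs over constructed newline-delimited JSON audit events; the field names (event, user, old_role, new_role, ip) are an assumption about the log format and would need mapping to the real audit plugin's schema.

```python
"""Flag privilege-escalation indicators matching the CVE-2021-4331 attack path.

Constructed example; the JSON field names are assumed, not taken from a real log source.
"""
import json
from collections import Counter

PRIVILEGED = {"administrator"}
LOW_PRIV = {"contributor", "author"}

# Constructed sample audit events, one JSON object per line.
SAMPLE_LOG = """\
{"event":"user_role_change","user":"alice","old_role":"contributor","new_role":"administrator","ip":"203.0.113.5"}
{"event":"user_registration","user":"new_admin1","new_role":"administrator","ip":"203.0.113.5"}
{"event":"user_registration","user":"bob","new_role":"subscriber","ip":"198.51.100.7"}
{"event":"user_role_change","user":"carol","old_role":"author","new_role":"editor","ip":"198.51.100.9"}
{"event":"user_registration","user":"new_admin2","new_role":"administrator","ip":"203.0.113.5"}
{"event":"post_publish","user":"alice","ip":"203.0.113.5"}
not valid json
"""


def classify(event):
    """Return a severity label for one parsed event, or None if it is benign.

    HIGH covers the two paths the advisory describes: a registration that lands
    directly in the administrator role, and a contributor/author promoted to
    administrator. Other changes touching those roles are LOW (review).
    """
    kind = event.get("event")
    if kind == "user_registration" and event.get("new_role") in PRIVILEGED:
        return "HIGH"
    if kind == "user_role_change":
        old, new = event.get("old_role"), event.get("new_role")
        if new in PRIVILEGED and old in LOW_PRIV:
            return "HIGH"
        if old in LOW_PRIV or new in PRIVILEGED:
            return "LOW"
    return None


def scan(log_text):
    """Parse newline-delimited JSON and return (user, severity) findings in order.

    Malformed lines are skipped rather than aborting the scan.
    """
    findings = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        label = classify(ev)
        if label:
            findings.append((ev.get("user"), label))
    return findings


def admin_registrations_by_ip(log_text):
    """Count administrator-role registrations per source IP (the 'multiple registrations' indicator)."""
    counts = Counter()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event") == "user_registration" and ev.get("new_role") in PRIVILEGED:
            counts[ev.get("ip")] += 1
    return dict(counts)
```

Any IP with more than one administrator registration in a short window is worth an immediate look, since legitimate sites rarely create administrators through the public registration form at all.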
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2514618%40the-plus-addons-for-elementor-page-builder&new=2514618%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/96388c82-2392-42b3-b0a0-c3d92910fb5c