CVE-2022-0320

9.8 CRITICAL

📋 TL;DR

An unauthenticated Local File Inclusion in the Essential Addons for Elementor WordPress plugin: a request parameter controls the path handed to a PHP include in plugin code that WordPress exposes to unauthenticated visitors through the admin-ajax.php endpoint. Path traversal lets an attacker include any file the PHP process can read. Non-PHP files (for example /etc/passwd) are returned verbatim; PHP code in the included file is executed rather than displayed, so a plain include of wp-config.php runs it instead of revealing it. That second property is what turns the bug into Remote Code Execution once the attacker can place PHP code in a reachable file (an upload with PHP embedded, a writable log) or apply another LFI-to-RCE technique. Every WordPress site running a vulnerable version of the plugin is affected.

💻 Affected Systems

Products:
  • Essential Addons for Elementor WordPress plugin
Versions: All versions before 5.0.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with Elementor and Essential Addons plugin installed. No special configuration needed.

📦 What is this software?

Essential Addons for Elementor is a WordPress plugin that adds a library of extra widgets and extensions (post grids, galleries, forms, pricing tables and similar) to the Elementor page builder. The free edition is distributed on WordPress.org under the slug essential-addons-for-elementor-lite and has more than a million active installations, which is why an unauthenticated bug in it is exposed on a very large number of public sites.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise through Remote Code Execution, allowing attackers to execute arbitrary commands under the web server or PHP-FPM user, steal sensitive data, install malware, or pivot to other systems.

🟠 Likely Case: Disclosure of any non-PHP file the PHP process can read (system files, configuration backups, logs), leading to credential theft and further reconnaissance, with RCE following if the site accepts user uploads or the attacker can otherwise write PHP code into a file the include can reach.

🟢 If Mitigated: Deactivating or removing the plugin closes the path entirely, because the AJAX handlers are no longer registered. A WAF rule alone only narrows it: encoded or body-carried variants may still get through, and every file readable by the PHP process remains exposed to a request that does.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation makes this extremely dangerous for internet-facing WordPress sites.
🏢 Internal Only: MEDIUM - Still significant risk if internal attackers exist, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is a single crafted HTTP request to the vulnerable AJAX endpoint, and a public proof-of-concept exists. RCE requires one additional step (getting PHP code into a file the include can reach) but the techniques for that are documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.5 and later

Vendor Advisory: https://wordpress.org/plugins/essential-addons-for-elementor-lite/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find Essential Addons for Elementor.
4. Click 'Update Now' if available.
5. If a manual update is needed, download version 5.0.5 or later from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Disable the vulnerable plugin until patched; the unauthenticated AJAX handlers are only registered while the plugin is active:

wp plugin deactivate essential-addons-for-elementor-lite

Web Application Firewall Rule (applies to: all)

Block LFI patterns in requests. A rule that matches '../' is a stopgap, not a fix: it must inspect POST bodies as well as query strings (the vulnerable handlers are reached through admin-ajax.php, typically by POST), normalise URL-encoding before matching (%2e%2e%2f, double-encoded %252e%252e, overlong UTF-8 %c0%ae), and also cover PHP stream wrappers such as php:// and data:// that LFI-to-RCE chains rely on.

🧯 If You Can't Patch

  • Remove the Essential Addons plugin completely and use alternative Elementor addons
  • Implement strict file permission controls (the PHP process should be able to read only what WordPress needs) and disable PHP execution in upload directories. The latter only stops direct requests to a web shell; it does not stop this bug, because PHP's include executes whatever is in the included file regardless of web-server handler rules, so an uploaded file with embedded PHP remains a viable RCE path until the plugin is patched or disabled.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Essential Addons for Elementor → Version number. If version is below 5.0.5, you are vulnerable.

Check Version:

wp plugin get essential-addons-for-elementor-lite --field=version

Verify Fix Applied:

Confirm plugin version is 5.0.5 or higher in WordPress admin panel.
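The version check described above, scripted so it can run against many sites from a deployment pipeline. This is an added example, not code from the plugin vendor or the advisory; it assumes POSIX sh with sort(1) and head(1), and, for the live check, that `wp` is on PATH and the script is run from the WordPress root.

```sh
#!/bin/sh
# Added example (not the plugin's or the advisory's own code): decide whether an
# installed Essential Addons for Elementor version falls in the vulnerable
# range (< 5.0.5) and, optionally, read the live version with WP-CLI.
# Assumptions: POSIX sh with sort(1) and head(1); `wp` on PATH and the script
# run from the WordPress root when --check is used.

FIXED_VERSION="5.0.5"
PLUGIN_SLUG="essential-addons-for-elementor-lite"

# version_lt A B: succeed (exit 0) when version A is strictly lower than B.
# Compares up to four dot-separated numeric components, so 5.0.10 > 5.0.5.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
    [ "$lowest" = "$1" ]
}

# is_vulnerable VERSION: succeed when VERSION is older than the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: query WP-CLI for the installed version and print a verdict.
# Exit 0 = vulnerable, 1 = patched, 2 = plugin absent / wp-cli unavailable.
check_installed() {
    v=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
        echo "$PLUGIN_SLUG: not installed or wp-cli not available"
        return 2
    }
    if is_vulnerable "$v"; then
        echo "$PLUGIN_SLUG $v is VULNERABLE (fixed in $FIXED_VERSION)"
        return 0
    fi
    echo "$PLUGIN_SLUG $v is patched"
    return 1
}

# Run the live check only when asked, so the functions can be sourced or tested.
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

Run it as `sh check-eael.sh --check` inside the WordPress root; a zero exit status means the site needs the update, which WP-CLI can apply with `wp plugin update essential-addons-for-elementor-lite`. The numeric per-component sort matters: a plain string comparison would wrongly flag 5.0.10 as older than 5.0.5.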

📡 Detection & Monitoring

Log Indicators:

  • Requests to /wp-admin/admin-ajax.php whose parameters contain '../' in raw form or URL-encoded form (%2e%2e%2f, ..%2f, double-encoded %252e%252e, overlong UTF-8 %c0%ae)
  • Parameter values naming sensitive files such as wp-config.php or /etc/passwd, or PHP stream wrappers (php://, data://, expect://) used in LFI-to-RCE chains
  • Bursts of near-identical requests from one source with the traversal depth increasing (../, ../../, ../../../), the signature of an LFI probe

Network Indicators:

  • HTTP requests with file paths or traversal sequences in query-string or body parameters
  • Multiple failed LFI attempts followed by a larger-than-usual response from admin-ajax.php to the same client

Caveat: standard access logs record the query string but not POST bodies, and the vulnerable handlers are typically driven by POST, so body-carried attempts are invisible in web server logs; detecting those needs a WAF or reverse-proxy audit log.

SIEM Query:

source="web_server_logs" AND (uri="*../*" OR uri="*..%2f*" OR uri="*%2e%2e*" OR uri="*%252e%252e*" OR uri="*wp-config*" OR uri="*etc/passwd*" OR uri="*etc%2fpasswd*" OR uri="*php://*")
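The log indicators above, turned into a grep-based triage script for a combined-format access log. This is an added example, not tooling from the advisory or the plugin vendor; the sample log lines are constructed, the query parameter names in them are illustrative rather than the plugin's real ones, and, as noted above, only GET-carried attempts appear in an access log.

```sh
#!/bin/sh
# Added example (not from the advisory): grep-based triage of a web server
# access log for CVE-2022-0320-style LFI probes. Assumes Apache/nginx combined
# log format. The sample lines are constructed, and the parameter names in
# them are illustrative, not the plugin's real ones.
# Caveat: the vulnerable AJAX handlers are usually driven by POST, and access
# logs do not record request bodies, so this only surfaces GET variants; use a
# WAF audit log (e.g. ModSecurity) for body inspection.

# Raw and URL-encoded traversal, double encoding, overlong UTF-8 dots, common
# LFI targets and the PHP stream wrappers used in LFI-to-RCE chains.
LFI_PATTERN='(\.\./|\.\.\\|%2e%2e(%2f|/|%5c)|\.\.%2f|%252e%252e|%c0%ae|wp-config\.php|etc(/|%2f)passwd|(php|data|expect)://)'

# scan_access_log FILE: print log lines that carry an LFI indicator.
scan_access_log() {
    grep -Ei "$LFI_PATTERN" "$1"
}

# count_lfi_hits FILE: number of suspicious lines.
count_lfi_hits() {
    scan_access_log "$1" | wc -l | tr -d ' '
}

# lfi_source_ips FILE: distinct client IPs behind the suspicious lines,
# the list you would feed to a block rule or an incident ticket.
lfi_source_ips() {
    scan_access_log "$1" | cut -d' ' -f1 | sort -u
}

# Constructed sample log for a self-contained run (not real traffic).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.10 - - [12/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=load_more&file=../../../../wp-config.php HTTP/1.1" 200 512 "-" "curl/7.79.1"
203.0.113.10 - - [12/Jan/2022:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=load_more&file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1834 "-" "curl/7.79.1"
198.51.100.7 - - [12/Jan/2022:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=load_more&page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2022:10:00:04 +0000] "GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
EOF

echo "suspicious requests: $(count_lfi_hits "$SAMPLE_LOG")"
echo "sources:"
lfi_source_ips "$SAMPLE_LOG"
```

Point `scan_access_log` at a real log to get the matching lines for review; the legitimate load-more request and the static asset request in the sample do not match, while both traversal attempts do, including the fully URL-encoded one that a rule matching only the literal '../' would miss.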
