CVE-2024-0334
📋 TL;DR
The Jeg Elementor Kit WordPress plugin has a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts execute whenever users visit the compromised pages, potentially stealing credentials, session cookies, or performing unauthorized actions. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Jeg Elementor Kit WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, deface pages, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies or credentials, potentially compromising user accounts and performing actions on their behalf.
If Mitigated
With proper user role management and input validation, the impact is limited to potential defacement or limited data exposure from compromised contributor accounts.
🎯 Exploit Status
Exploitation requires authenticated access (contributor role or higher). The vulnerability is in the custom attribute field of link widgets, making exploitation straightforward for attackers with access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.5
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Jeg Elementor Kit' and click 'Update Now'. 4. Verify the plugin version is 2.6.5 or higher.
🔧 Temporary Workarounds
Remove Contributor Access
allTemporarily remove contributor-level access for untrusted users until patching is complete.
Disable Vulnerable Widgets
allDisable or remove the affected Elementor widgets that contain the custom attribute field.
🧯 If You Can't Patch
- Implement strict user role management and limit contributor accounts to trusted users only
- Deploy a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Jeg Elementor Kit version. If version is 2.6.4 or lower, you are vulnerable.Check Version:
wp plugin list --name=jeg-elementor-kit --field=versionVerify Fix Applied:
After updating, verify the plugin version shows 2.6.5 or higher in the WordPress plugins list.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to Elementor widget endpoints
- Multiple failed login attempts followed by successful contributor login
- Suspicious script tags in page content or custom attributes
Network Indicators:
- Outbound connections to suspicious domains from your WordPress site
- Unexpected JavaScript execution in page responses
SIEM Query:
source="wordpress.log" AND ("jeg-elementor-kit" OR "elementor") AND ("custom attribute" OR "widget" OR "POST /wp-admin/admin-ajax.php")🔗 References
- https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=cve
- https://plugins.trac.wordpress.org/changeset/3077328/jeg-elementor-kit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=cve
