CVE-2024-10323
📋 TL;DR
This vulnerability allows authenticated WordPress users with Author-level permissions or higher to upload malicious SVG files containing JavaScript through the JetWidgets For Elementor plugin's REST API. The stored XSS payload executes when other users view the SVG file, potentially compromising their sessions. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- JetWidgets For Elementor WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or perform actions as authenticated users, potentially leading to full site compromise.
Likely Case
Attackers with author accounts inject malicious scripts to steal user session cookies, perform phishing attacks, or modify page content for malicious purposes.
If Mitigated
With proper user access controls and content security policies, impact is limited to the specific user viewing the malicious SVG file.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker obtains author-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.19 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3184475/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'JetWidgets For Elementor' and click 'Update Now'. 4. Verify plugin version is 1.0.19 or higher.
🔧 Temporary Workarounds
Disable SVG Uploads via REST API
allBlock SVG file uploads through WordPress REST API endpoints
Add to theme's functions.php: add_filter('upload_mimes', function($mimes) { unset($mimes['svg']); return $mimes; });
Restrict User Roles
allLimit users with Author role or higher to trusted individuals only
🧯 If You Can't Patch
- Temporarily disable the JetWidgets For Elementor plugin
- Implement Content Security Policy headers to restrict script execution from SVG files
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins, find JetWidgets For Elementor and verify version is 1.0.18 or lower.Check Version:
wp plugin list --name=jetwidgets-for-elementor --field=versionVerify Fix Applied:
After updating, verify plugin version shows 1.0.19 or higher in WordPress admin plugins list.📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads via REST API
- Multiple failed login attempts followed by SVG uploads
- User role escalation attempts
Network Indicators:
- POST requests to /wp-json/wp/v2/media with SVG content
- Unusual outbound connections after SVG file access
SIEM Query:
source="wordpress" AND (uri_path="/wp-json/wp/v2/media" AND file_extension="svg")