CVE-2024-10798
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to extract data from private or draft posts created via Elementor that they should not have access to. It affects the Royal Elementor Addons and Templates plugin due to insufficient restrictions in the 'wpr-template' shortcode. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress Plugin
📦 What is this software?
Royal Elementor Addons by Royal Elementor Addons
⚠️ Risk & Real-World Impact
Worst Case
Sensitive information from private posts, draft content, or unpublished material could be exposed to unauthorized users, potentially leading to data leaks, intellectual property theft, or privacy violations.
Likely Case
Contributors or authors accessing draft posts they shouldn't see, potentially exposing unpublished content, editorial workflows, or sensitive information.
If Mitigated
Minimal impact with proper user role management and content access controls in place.
🎯 Exploit Status
Exploitation requires an authenticated account with at least Contributor privileges; no unauthenticated path is described. The flaw lies in the plugin's 'wpr-template' shortcode handler, which applies insufficient access restrictions to the post it renders.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.1004
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Royal Elementor Addons and Templates'.
4. Click 'Update Now' if available, or download version 1.7.1004 from the WordPress plugin repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable shortcode
Remove or disable the 'wpr-template' shortcode functionality
Add to theme's functions.php: remove_shortcode('wpr-template');
Note that remove_shortcode() only works after the plugin has registered the shortcode; if the plugin registers it on the 'init' hook, hook your call on 'init' at a late priority, otherwise it is a no-op.
Restrict user roles
Temporarily restrict Contributor and Author access to sensitive areas
Use WordPress role management plugins to limit access
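The following must-use plugin is an added example for this write-up, not code from the plugin vendor. It combines the "disable vulnerable shortcode" workaround with the version check from the verification section: it looks up the installed version of the plugin (assuming it lives in the 'royal-elementor-addons/' directory, the slug used by the wp-cli check on this page; the main plugin file name is not assumed) and removes the 'wpr-template' shortcode only while that version is older than 1.7.1004, so the file can be left in place and becomes inert once the update is applied.

```php
<?php
/**
 * Plugin Name: Temporary mitigation for CVE-2024-10798
 * Description: Removes the 'wpr-template' shortcode while Royal Elementor Addons is older than 1.7.1004.
 *
 * Example mu-plugin written for this advisory; it is not code from the plugin vendor.
 * Place it in wp-content/mu-plugins/ and delete it once the plugin has been updated.
 */

// Assumption: the plugin directory is 'royal-elementor-addons/', matching the
// slug used by the wp-cli check on this page. No main plugin file name is assumed.
const CVE_2024_10798_PLUGIN_DIR    = 'royal-elementor-addons/';
const CVE_2024_10798_FIXED_VERSION = '1.7.1004';

/**
 * Return the installed version string of the plugin, or null if it is not installed.
 * get_plugins() reads plugin headers, so it is only available once the admin helper is loaded.
 */
function cve_2024_10798_installed_version() {
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    foreach ( get_plugins() as $file => $data ) {
        // Plugin file keys look like 'directory/main-file.php'.
        if ( strpos( $file, CVE_2024_10798_PLUGIN_DIR ) === 0 ) {
            return $data['Version'];
        }
    }
    return null;
}

/**
 * True when an installed version is older than the patched release (1.7.1004).
 */
function cve_2024_10798_is_vulnerable( $version ) {
    return $version !== null
        && version_compare( $version, CVE_2024_10798_FIXED_VERSION, '<' );
}

// Plugins register shortcodes during 'init'. Running at the latest possible
// priority guarantees the plugin's add_shortcode() call has already happened,
// so remove_shortcode() actually takes effect instead of being a no-op.
add_action( 'init', function () {
    if ( cve_2024_10798_is_vulnerable( cve_2024_10798_installed_version() ) ) {
        remove_shortcode( 'wpr-template' );
    }
}, PHP_INT_MAX );
```

Once the shortcode is removed, WordPress renders the literal `[wpr-template ...]` text instead of the template, which is visible in page output and makes it obvious where the workaround is active. Remove the mu-plugin after confirming the patched version is installed.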
🧯 If You Can't Patch
- Temporarily deactivate the Royal Elementor Addons plugin
- Implement strict user role management and audit Contributor/Authors
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Royal Elementor Addons and Templates → Version number
Check Version:
wp plugin list --name='royal-elementor-addons' --field=version
Verify Fix Applied:
Verify plugin version is 1.7.1004 or higher in WordPress admin
📡 Detection & Monitoring
Log Indicators:
- Unusual shortcode usage patterns
- Multiple failed access attempts to restricted posts
- User role escalation attempts
Network Indicators:
- Unusual API calls to WordPress REST endpoints
- Suspicious shortcode parameter manipulation
SIEM Query:
source="wordpress" AND (shortcode="wpr-template" OR plugin="royal-elementor-addons")
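The log indicators above are generic; the following must-use plugin is an added example (not vendor code) that turns "unusual shortcode usage" into a concrete log line. It hooks the core 'do_shortcode_tag' filter, which WordPress runs after every shortcode callback, and writes a line to the PHP error log whenever 'wpr-template' is rendered by a logged-in user who lacks the 'edit_others_posts' capability, which is the Contributor/Author population the advisory describes. It records, it does not block. The log line format is this example's own.

```php
<?php
/**
 * Plugin Name: Log 'wpr-template' rendering by low-privilege users (CVE-2024-10798)
 * Description: Emits a log line a SIEM can match when the shortcode runs for Contributors/Authors.
 *
 * Example mu-plugin written for this advisory; it is not code from the plugin vendor.
 */

/**
 * Build the log line for one shortcode render. Kept as a pure function so the
 * format can be tested outside WordPress. The format itself is constructed
 * for this example and is not a WordPress or plugin convention.
 */
function cve_2024_10798_log_line( $tag, $attr, $user_id, $can_edit_others ) {
    return sprintf(
        'cve-2024-10798 shortcode=%s user_id=%d edit_others_posts=%s attr=%s',
        $tag,
        (int) $user_id,
        $can_edit_others ? 'yes' : 'no',
        json_encode( is_array( $attr ) ? $attr : array() )
    );
}

// 'do_shortcode_tag' receives ($output, $tag, $attr, $m) after the callback has
// produced its output. Anonymous front-end visitors render shortcodes constantly,
// so only authenticated users are considered; Contributors and Authors lack
// 'edit_others_posts', which is why that capability is the dividing line here.
add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) {
    if ( 'wpr-template' !== $tag || ! is_user_logged_in() ) {
        return $output;
    }
    $can_edit_others = current_user_can( 'edit_others_posts' );
    if ( ! $can_edit_others ) {
        error_log( cve_2024_10798_log_line( $tag, $attr, get_current_user_id(), false ) );
    }
    return $output;
}, 10, 3 );
```

Forward the PHP error log to the SIEM and match on the literal `cve-2024-10798 shortcode=wpr-template` prefix; a burst of lines from one `user_id` with varying `attr` values is the pattern worth alerting on. Expect some benign hits from Contributors previewing their own drafts.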
🔗 References
- https://plugins.trac.wordpress.org/changeset/3195352/royal-elementor-addons/tags/1.7.1004/admin/includes/wpr-templates-shortcode.php?old=3193132&old_path=royal-elementor-addons%2Ftags%2F1.7.1003%2Fadmin%2Fincludes%2Fwpr-templates-shortcode.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7ef5a0-f6c8-41e1-bb3b-119a682be69f?source=cve