CVE-2024-10873
📋 TL;DR
This vulnerability allows authenticated attackers with Contributor-level WordPress access or higher to perform Local File Inclusion via the _load_template function in the LA-Studio Element Kit plugin. Attackers can include and execute arbitrary PHP files on the server, potentially leading to remote code execution, data theft, or privilege escalation. All WordPress sites running version 1.4.2 or earlier of this plugin are affected.
💻 Affected Systems
- LA-Studio Element Kit for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, data exfiltration, backdoor installation, and complete site takeover.
Likely Case
Unauthorized file access, privilege escalation to administrator, and installation of web shells or malware.
If Mitigated
Limited impact if proper file permissions restrict PHP execution and web application firewalls block malicious requests.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. The vulnerability is in publicly available code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.3 or later
Vendor Advisory: https://wordpress.org/plugins/lastudio-element-kit/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'LA-Studio Element Kit' and click 'Update Now'.
4. Verify the update to version 1.4.3 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the LA-Studio Element Kit plugin until patched
wp plugin deactivate lastudio-element-kit
Restrict file uploads
Linux: Configure the web server to prevent PHP execution in upload directories
Add 'php_flag engine off' to .htaccess in wp-content/uploads
🧯 If You Can't Patch
- Remove Contributor and higher role access from untrusted users
- Implement web application firewall rules to block file inclusion patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → LA-Studio Element Kit → Version. If version is 1.4.2 or lower, you are vulnerable.
Check Version:
wp plugin get lastudio-element-kit --field=version
Verify Fix Applied:
After update, confirm version shows 1.4.3 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with 'action' parameter containing 'lastudio_element_kit' and unusual file paths
- PHP error logs showing file inclusion errors with user-supplied paths
Network Indicators:
- POST requests to admin-ajax.php with file path parameters
- Unusual outbound connections from web server after exploitation
SIEM Query:
source="web_access.log" AND uri="/wp-admin/admin-ajax.php" AND (query="*lastudio_element_kit*" OR query="*load_template*")
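As an added example, not part of this advisory: a small Python checker that applies the log indicators above (admin-ajax.php requests whose query string mentions lastudio_element_kit or load_template, carrying file-path-looking parameter values) to constructed access-log lines. The action names and parameter names in the sample lines are assumptions for illustration; the advisory does not name the real ones.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format), not real traffic.
# The action/parameter names are hypothetical; only the keywords come from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Nov/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=lastudio_element_kit_render&template=../../../../wp-config.php HTTP/1.1" 200 512
203.0.113.11 - - [12/Nov/2024:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80
203.0.113.12 - - [12/Nov/2024:10:02:17 +0000] "POST /wp-admin/admin-ajax.php?action=load_template&path=/tmp/uploaded.php HTTP/1.1" 200 1024
203.0.113.13 - - [12/Nov/2024:10:03:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 4096
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Keywords named in the advisory's log indicators and SIEM query.
KEYWORDS = ("lastudio_element_kit", "load_template")
# Heuristic for "unusual file paths": traversal, a .php name, or an absolute path.
PATH_RE = re.compile(r"(\.\./|\.php\b|^/)")


def find_suspicious(log_text):
    """Return one record per admin-ajax.php request matching the indicators."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m.group("target"))
        if parts.path != "/wp-admin/admin-ajax.php":
            continue
        if not any(k in parts.query for k in KEYWORDS):
            continue
        params = parse_qs(parts.query)
        file_like = {k: v for k, vals in params.items()
                     for v in vals if PATH_RE.search(v)}
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "method": m.group("method"),
            "action": params.get("action", [""])[0],
            "file_like_params": file_like,
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Requests flagged with a non-empty file_like_params dict deserve a look at the PHP error log and the WordPress user behind the session, since the vulnerable path requires an authenticated Contributor or higher.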
🔗 References
- https://plugins.trac.wordpress.org/browser/lastudio-element-kit/trunk/includes/base/class-widget-base.php#L118
- https://plugins.trac.wordpress.org/browser/lastudio-element-kit/trunk/includes/base/class-widget-base.php#L141
- https://plugins.trac.wordpress.org/browser/lastudio-element-kit/trunk/includes/extensions/albums/widget-templates/player/global/index.php
- https://plugins.trac.wordpress.org/browser/lastudio-element-kit/trunk/includes/extensions/albums/widget-templates/player/global/index.php#L26
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3194361%40lastudio-element-kit&new=3194361%40lastudio-element-kit&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/59415c36-e48a-4c05-ad22-8d55a9e13bcd?source=cve