CVE-2024-11104
📋 TL;DR
This vulnerability in the Sky Addons for Elementor WordPress plugin allows authenticated attackers with subscriber-level access or higher to modify arbitrary WordPress site options that can be saved as arrays. This can lead to denial of service or other site disruptions. All WordPress sites running vulnerable versions of this plugin are affected.
💻 Affected Systems
- Sky Addons for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover by modifying critical WordPress options like admin credentials, site URL, or disabling the site entirely through DoS.
Likely Case
Site disruption or defacement by modifying visible site settings, disabling features, or causing errors through option manipulation.
If Mitigated
Limited impact if proper access controls and monitoring are in place, with only minor configuration changes possible.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3193495%40sky-elementor-addons&new=3193495%40sky-elementor-addons
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Sky Addons for Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.6.3+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Sky Addons for Elementor plugin until patched
wp plugin deactivate sky-elementor-addons
Restrict user registration
Disable new user registration to prevent attacker account creation
In WordPress Settings → General, uncheck 'Anyone can register'
🧯 If You Can't Patch
- Implement strict access controls and monitor user activity logs
- Use web application firewall rules to block suspicious option modification requests
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin → Plugins → Sky Addons for Elementor. If version is 2.6.2 or lower, you are vulnerable.
Check Version:
wp plugin get sky-elementor-addons --field=version
Verify Fix Applied:
After updating, verify plugin version shows 2.6.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=sky_elementor_addons_save_options from non-admin users
- Unexpected modifications to wp_options table
Network Indicators:
- HTTP POST requests containing 'sky_elementor_addons_save_options' action parameter
SIEM Query:
source="wordpress.log" AND "sky_elementor_addons_save_options" AND user_role!="administrator"
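The log indicators above can be turned into a small offline check. The following is an added example, not part of the original advisory or the plugin: it parses a few constructed access-log lines (an assumed custom format that appends the authenticated user's role as a trailing `role=` field, which a real site would need to configure) and flags POST requests to `/wp-admin/admin-ajax.php` carrying the `sky_elementor_addons_save_options` action from any account whose role is not `administrator`.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not real traffic). Assumed format:
# ip - user [ts] "METHOD path PROTO" status bytes "post-body-or-dash" role=<role>
SAMPLE_LOG = """\
203.0.113.5 - alice [12/Nov/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 412 "action=sky_elementor_addons_save_options&options[example]=1" role=subscriber
203.0.113.9 - admin [12/Nov/2024:10:02:17 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 412 "action=sky_elementor_addons_save_options&options[example]=1" role=administrator
198.51.100.7 - bob [12/Nov/2024:10:03:44 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 51 "-" role=subscriber
203.0.113.5 - alice [12/Nov/2024:10:04:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 412 "action=sky_elementor_addons_save_options" role=subscriber
"""

# The AJAX action named in the advisory's log indicators.
TARGET_ACTION = "sky_elementor_addons_save_options"
# Roles for which saving plugin options is expected behaviour.
PRIVILEGED_ROLES = {"administrator"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+ '
    r'"(?P<body>[^"]*)" role=(?P<role>\S+)$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    return ev


def ajax_action(ev):
    """Return the admin-ajax 'action' parameter, taken from the query string or the POST body."""
    params = parse_qs(urlsplit(ev["path"]).query)
    if ev["body"] != "-":
        for key, values in parse_qs(ev["body"]).items():
            params.setdefault(key, values)
    return params.get("action", [None])[0]


def is_suspicious(ev):
    """True for a POST to admin-ajax.php with the target action from a non-administrator."""
    return (
        ev["method"] == "POST"
        and urlsplit(ev["path"]).path.endswith("/wp-admin/admin-ajax.php")
        and ajax_action(ev) == TARGET_ACTION
        and ev["role"] not in PRIVILEGED_ROLES
    )


def scan(log_text):
    """Return one record per suspicious request, in log order."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and is_suspicious(ev):
            hits.append({"ts": ev["ts"], "ip": ev["ip"], "user": ev["user"], "role": ev["role"]})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} user={hit['user']} role={hit['role']} -> {TARGET_ACTION}")
```

On the sample input only the two subscriber-originated POSTs are reported; the administrator's request and the unrelated heartbeat GET are ignored. The role field is the deciding signal, so on a real deployment the same logic belongs wherever that attribution is available (the SIEM query above, or a plugin/audit log that records the acting user), not a plain web-server access log.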
🔗 References
- https://plugins.trac.wordpress.org/browser/sky-elementor-addons/tags/2.6.1/includes/admin.php#L1267
- https://plugins.trac.wordpress.org/browser/sky-elementor-addons/tags/2.6.1/includes/admin.php#L1290
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3189030%40sky-elementor-addons&new=3189030%40sky-elementor-addons&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3193495%40sky-elementor-addons&new=3193495%40sky-elementor-addons&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2a9810a8-311a-424a-bd64-8d25ee891bb5?source=cve