CVE-2024-11829
📋 TL;DR
This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into WordPress pages using the Table Widget in The Plus Addons for Elementor plugin. The scripts are stored and execute whenever users access the compromised pages, enabling cross-site scripting attacks. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, perform session hijacking, deface websites, redirect users to malicious sites, or install malware on visitors' systems.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies, perform phishing attacks, or deface specific pages.
If Mitigated
With proper user role management and input validation, impact is limited to low-privilege data exposure from contributor-level accounts.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.2.0
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'The Plus Addons for Elementor'.
4. Click 'Update Now' if available, or download version 6.2.0+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable Table Widget
Temporarily disable the vulnerable Table Widget component until patching is possible
Navigate to Elementor → The Plus Addons → Modules Control → Disable 'TP Table' widget
Restrict User Roles
Temporarily remove contributor-level editing permissions from untrusted users
Navigate to Users → All Users → Edit user roles to remove 'Contributor' access
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit script execution
- Enable WordPress security plugins with XSS protection features like Wordfence or Sucuri
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → The Plus Addons for Elementor → Version number. If version is 6.1.8 or lower, you are vulnerable.
Check Version:
wp plugin list --name='the-plus-addons-for-elementor' --field=version
Verify Fix Applied:
After updating, verify version shows 6.2.0 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with searchable_label parameters
- Multiple failed login attempts followed by successful contributor-level login
Network Indicators:
- Unexpected JavaScript payloads in HTTP POST parameters
- Suspicious outbound connections from WordPress admin pages
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND params CONTAINS "searchable_label")
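The version check from "How to Verify" and the SIEM query above, implemented as an added example (not code from the advisory or the plugin): the version comparison is numeric so a future "6.10.x" is not misjudged as older than 6.2.0, and the indicator match is applied to constructed log records whose fields mirror the query's field names.

```python
"""Added helper script for this advisory; the sample records below are constructed."""
import re

FIXED_VERSION = (6, 2, 0)  # first patched release named in the advisory


def parse_version(version: str) -> tuple:
    """Turn '6.1.8' or '6.2' into a comparable tuple of integers (padded to 3 parts)."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version: str) -> bool:
    """True when the installed plugin version is below the patched 6.2.0 release."""
    return parse_version(version) < FIXED_VERSION


def find_indicators(records):
    """Return records matching the SIEM query from the Detection section:
    source wordpress, POST to /wp-admin/admin-ajax.php, params containing searchable_label."""
    hits = []
    for rec in records:
        if (rec.get("source") == "wordpress"
                and rec.get("uri_path") == "/wp-admin/admin-ajax.php"
                and rec.get("http_method", "").upper() == "POST"
                and "searchable_label" in rec.get("params", "")):
            hits.append(rec)
    return hits


# Constructed sample records; usernames and parameter values are made up.
SAMPLE_RECORDS = [
    {"source": "wordpress", "uri_path": "/wp-admin/admin-ajax.php", "http_method": "POST",
     "user": "contrib01", "params": "action=example_action&searchable_label=Name"},
    {"source": "wordpress", "uri_path": "/wp-admin/admin-ajax.php", "http_method": "POST",
     "user": "editor02", "params": "action=heartbeat"},
    {"source": "wordpress", "uri_path": "/wp-login.php", "http_method": "POST",
     "user": "-", "params": "log=admin"},
]

if __name__ == "__main__":
    print("6.1.8 vulnerable:", is_vulnerable("6.1.8"))
    for hit in find_indicators(SAMPLE_RECORDS):
        print("review:", hit["user"], hit["params"])
```

Feed `find_indicators` the output of your own log pipeline once the records carry the same field names; a hit is a starting point for review, not proof of exploitation.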
🔗 References
- https://plugins.trac.wordpress.org/changeset/3207945/the-plus-addons-for-elementor-page-builder/tags/6.1.2/modules/widgets/tp_table.php?old=3207456&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.1%2Fmodules%2Fwidgets%2Ftp_table.php
- https://plugins.trac.wordpress.org/changeset/3218225/the-plus-addons-for-elementor-page-builder/tags/6.1.4/modules/widgets/tp_table.php?old=3212455&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.3%2Fmodules%2Fwidgets%2Ftp_table.php
- https://plugins.trac.wordpress.org/changeset?old_path=/the-plus-addons-for-elementor-page-builder/tags/6.1.8&new_path=/the-plus-addons-for-elementor-page-builder/tags/6.2.0&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/edf62f82-448a-4ed8-8d4b-7215223494cb?source=cve