CVE-2024-12851

6.4 MEDIUM

Cross-Site Scripting

📋 TL;DR

This stored XSS vulnerability in Element Pack Elementor Addons allows authenticated WordPress users with Contributor access or higher to inject malicious scripts into website pages. The scripts execute whenever users visit compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin up to version 5.10.14 are affected.

💻 Affected Systems

Products:

• Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Versions: All versions up to and including 5.10.14

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with Elementor and Element Pack plugin installed. Contributor-level authentication required for exploitation.

📦 What is this software?

Element Pack by Bdthemes

View all CVEs affecting Element Pack →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠

Likely Case

Attackers with contributor accounts inject malicious scripts to steal user session cookies or credentials, potentially compromising user accounts.

🟢

If Mitigated

With proper user access controls and input validation, impact is limited to isolated script execution without privilege escalation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once attacker has contributor credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.10.15 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3212890%40bdthemes-element-pack-lite&new=3212890%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Element Pack Elementor Addons'. 4. Click 'Update Now' if available. 5. Alternatively, download latest version from WordPress repository and replace plugin files.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the vulnerable plugin until patched

Copy

wp plugin deactivate bdthemes-element-pack-lite

Restrict User Roles

all

Temporarily remove Contributor role access or restrict to trusted users only

🧯 If You Can't Patch

• Implement strict Content Security Policy (CSP) headers to limit script execution
• Add WAF rules to block XSS payloads in custom_attributes parameter

🔍 How to Verify

Check if Vulnerable:

Copy

Check WordPress admin panel > Plugins > Element Pack Elementor Addons version. If version is 5.10.14 or lower, you are vulnerable.

Check Version:

Copy

wp plugin get bdthemes-element-pack-lite --field=version

Verify Fix Applied:

Copy

After update, verify plugin version is 5.10.15 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

• Unusual POST requests to wp-admin containing custom_attributes parameter with script tags
• Multiple failed login attempts followed by successful contributor login

Network Indicators:

• HTTP requests with script payloads in custom_attributes parameter
• Outbound connections to suspicious domains from your WordPress site

SIEM Query:

Copy

source="wordpress.log" AND ("custom_attributes" AND ("script" OR "javascript:" OR "onerror=" OR "onload="))

📊 Metadata

CVE ID: CVE-2024-12851

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.06% exploit probability (19.8th percentile)

Published: January 8, 2025

Last Updated: January 17, 2025

🔗 References

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3212890%40bdthemes-element-pack-lite&new=3212890%40bdthemes-element-pack-lite&sfp_email=&sfph_mail= Patch
• https://www.wordfence.com/threat-intel/vulnerabilities/id/39b0af74-f773-4a56-b169-2ee11e923813?source=cve Third Party Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12851, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)

CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)

CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)