CVE-2024-1567
📋 TL;DR
The Royal Elementor Addons and Templates WordPress plugin has a vulnerability that allows unauthenticated attackers to upload dangerous file types like .svgz due to missing file type validation. This could lead to cross-site scripting (XSS) or remote code execution (RCE) on affected WordPress sites. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress plugin
📦 What is this software?
Royal Elementor Addons by Royal Elementor Addons
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete site compromise, data theft, malware distribution, or site defacement.
Likely Case
Cross-site scripting attacks that could steal user sessions, redirect users to malicious sites, or perform actions on behalf of users.
If Mitigated
Limited impact if proper web application firewalls and file upload restrictions are in place.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it requires no authentication and involves simple file upload manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.95
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Royal Elementor Addons and Templates'.
4. Click 'Update Now' if available, or manually update to version 1.3.95 or later.
5. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable plugin file upload functionality (all platforms)
Temporarily disable the vulnerable file upload module in the plugin settings.
Web server file type restrictions (Linux)
Configure the web server to block .svgz and other dangerous file uploads:
- For Apache: add 'Deny from all' to .htaccess for .svgz files
- For Nginx: add a location block to deny .svgz file uploads
🧯 If You Can't Patch
- Disable the Royal Elementor Addons plugin completely until patched
- Implement strict web application firewall rules to block malicious file upload attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Royal Elementor Addons version. If version is 1.3.94 or lower, you are vulnerable.
Check Version:
wp plugin list --name=royal-elementor-addons --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.3.95 or higher in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to WordPress uploads directory
- Requests to /wp-content/uploads/ with .svgz or other dangerous extensions
- Multiple failed upload attempts from single IPs
Network Indicators:
- POST requests to WordPress file upload endpoints with malicious file types
- Unusual traffic patterns to /wp-content/plugins/royal-elementor-addons/
SIEM Query:
source="wordpress.log" AND (uri_path="*wpr-file-upload*" OR file_extension="svgz")
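As an added example (not from the advisory, Wordfence, or the plugin itself), a Python checker that applies the log indicators above to web server access-log lines: it flags POST requests whose URI contains wpr-file-upload (the same filter the SIEM query uses), requests for .svgz objects under /wp-content/uploads/, and source IPs with repeated upload requests. The sample log lines, the admin-ajax endpoint shape, the extra .svg extension and the two-request threshold are constructed assumptions, not details taken from the advisory.

```python
import re
from collections import Counter

# Apache/Nginx "combined" log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# .svgz comes from the advisory; .svg is an assumed addition (uncompressed form).
RISKY_EXT = (".svgz", ".svg")
UPLOAD_MARKER = "wpr-file-upload"   # mirrors uri_path="*wpr-file-upload*" in the SIEM query
REPEAT_THRESHOLD = 2                # assumed: flag an IP at this many upload POSTs

# Constructed sample traffic (documentation IP ranges); the endpoint shape is assumed.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=wpr-file-upload HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=wpr-file-upload HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:12:00:05 +0000] "GET /wp-content/uploads/2024/03/logo.svgz HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:12:00:09 +0000] "GET /wp-content/uploads/2024/03/photo.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:12:01:00 +0000] "GET /index.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def scan(log_text: str, threshold: int = REPEAT_THRESHOLD) -> dict:
    """Return the three indicator classes found in the given access-log text."""
    findings = {"upload_posts": [], "risky_uploads": [], "repeat_ips": []}
    per_ip = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        ip, method, path = m["ip"], m["method"], m["path"]
        path_only = path.split("?", 1)[0].lower()  # drop the query string for extension checks
        if method == "POST" and UPLOAD_MARKER in path.lower():
            findings["upload_posts"].append((ip, path))
            per_ip[ip] += 1
        if path_only.startswith("/wp-content/uploads/") and path_only.endswith(RISKY_EXT):
            findings["risky_uploads"].append((ip, path))
    findings["repeat_ips"] = [ip for ip, n in per_ip.items() if n >= threshold]
    return findings


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_LOG).items():
        print(kind, hits)
```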
🔗 References
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.89/classes/modules/forms/wpr-file-upload.php#L105
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.90/classes/modules/forms/wpr-file-upload.php
- https://plugins.trac.wordpress.org/changeset/3056612/royal-elementor-addons/tags/1.3.95/classes/modules/forms/wpr-file-upload.php?old=3055840&old_path=royal-elementor-addons%2Ftags%2F1.3.94%2Fclasses%2Fmodules%2Fforms%2Fwpr-file-upload.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=cve