CVE-2024-2047
📋 TL;DR
The ElementsKit Elementor addons plugin for WordPress has a Local File Inclusion vulnerability in the render_raw function. This allows authenticated attackers with contributor-level access or higher to include and execute arbitrary PHP files on the server, potentially leading to remote code execution. All WordPress sites using ElementsKit versions up to 3.0.6 are affected.
💻 Affected Systems
- ElementsKit Elementor addons plugin for WordPress
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through arbitrary PHP code execution, data exfiltration, backdoor installation, and complete site takeover.
Likely Case
Unauthorized file access, privilege escalation, data theft, and limited code execution through uploaded files.
If Mitigated
Limited impact if proper file upload restrictions and server hardening are in place, but still significant risk.
🎯 Exploit Status
Exploitation requires contributor-level access. Attack chain may involve file upload capabilities to deliver malicious PHP files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.7
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3054091/elementskit-lite/tags/3.0.7/widgets/testimonial/testimonial.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find ElementsKit and click 'Update Now'.
4. Verify the version shown is 3.0.7 or higher.
🔧 Temporary Workarounds
Disable vulnerable testimonial widget
Temporarily disable the testimonial widget, which contains the vulnerable render_raw function.
Restrict file uploads
Configure the web server to refuse execution of PHP files in the uploads directory and restrict the allowed upload file types (Linux; Apache and nginx examples follow).
# Apache: place this .htaccess in wp-content/uploads/ (applied site-wide it would block WordPress itself)
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
    # Apache 2.4 syntax; the Order/Deny pair below is the 2.2 equivalent
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</FilesMatch>
# nginx: scope the block to the uploads directory and list it before the generic PHP location,
# since regex locations are matched in order and a bare "location ~ \.php$ { deny all; }" would break the site
location ~* ^/wp-content/uploads/.*\.(php|php5|php7|phtml|phar)$ {
    deny all;
}
🧯 If You Can't Patch
- Remove contributor role from untrusted users and review all user accounts with elevated privileges
- Implement web application firewall rules to block local file inclusion patterns and suspicious file uploads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → ElementsKit version. If version is 3.0.6 or lower, you are vulnerable.
Check Version:
# In WordPress root directory:
grep "Version:" wp-content/plugins/elementskit-lite/elementskit-lite.php
Verify Fix Applied:
After updating, verify ElementsKit version shows 3.0.7 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file inclusion patterns in PHP error logs
- Multiple failed file inclusion attempts from same user
- Unexpected PHP file execution in uploads directory
Network Indicators:
- HTTP requests with suspicious file path parameters
- POST requests attempting to upload PHP files
SIEM Query:
source="web_server_logs" AND (uri="*render_raw*" OR uri="*testimonial.php*") AND (params="*../*" OR params="*php://*" OR params="*file=*")
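The version check above and the log indicators in this section can be automated. The following script is an added example, not code from the ElementsKit project or from this advisory's source: it parses the plugin header's Version: field, compares it with the patched release 3.0.7, and applies the SIEM query's logic (a URI mentioning render_raw or testimonial.php together with a parameter carrying `../`, `php://` or a `file` key) plus the "PHP in uploads directory" indicator to combined-format access-log lines, decoding percent-encoding first so `..%2F` is caught too. The plugin header, the log lines and the user names are constructed sample data; the `file` parameter name is taken from the SIEM query, not from the plugin's code.

```python
"""Defender-side helpers for CVE-2024-2047: check the installed ElementsKit
version against the patched release and flag the access-log patterns the
advisory lists. Added example; not code from the ElementsKit project.
All sample data below is constructed for the demonstration."""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

FIXED_VERSION = (3, 0, 7)  # first release that closes the issue (from the advisory)

# Constructed stand-in for the header of
# wp-content/plugins/elementskit-lite/elementskit-lite.php
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: ElementsKit Lite
 * Version: 3.0.6
 */
"""


def parse_plugin_version(header_text):
    """Return the plugin header's 'Version:' field as a tuple of ints, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\d+(?:\.\d+)*)", header_text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """True when the installed version is below 3.0.7 (tuples compare element-wise)."""
    return version is not None and version < FIXED_VERSION


# Apache/nginx combined log format: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
URI_MARKERS = ("render_raw", "testimonial.php")  # from the advisory's SIEM query
UPLOADS_PHP = re.compile(r"/wp-content/uploads/.*\.php\b", re.IGNORECASE)


def classify_request(line):
    """Return a dict describing why a log line is suspicious, or None if it is not.

    Mirrors the advisory's SIEM query (URI mentions render_raw/testimonial.php
    and a parameter carries '../', 'php://' or a 'file' key) and its uploads
    indicator (any .php request under wp-content/uploads). Percent-encoding is
    decoded first so '..%2F' is caught as well as '../'.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path, query = unquote(parts.path), unquote(parts.query)
    reasons = []
    if any(marker in path or marker in query for marker in URI_MARKERS):
        for marker in ("../", "php://"):
            if marker in query:
                reasons.append(f"param contains {marker!r}")
        if any(k == "file" for k, _ in parse_qsl(parts.query, keep_blank_values=True)):
            reasons.append("'file' parameter present")
    if UPLOADS_PHP.search(path):
        reasons.append("php request under wp-content/uploads")
    if not reasons:
        return None
    return {"ip": m.group("ip"), "user": m.group("user"), "status": int(m.group("status")),
            "path": path, "reasons": reasons}


def scan_log(lines):
    """Apply classify_request to every line and return the hits in order."""
    return [hit for hit in map(classify_request, lines) if hit]


def count_by_client(hits):
    """Count hits per (user, ip) so repeated attempts from one account stand out."""
    return Counter((h["user"], h["ip"]) for h in hits)


# Constructed access-log sample: one benign line, two matching the SIEM pattern
# from the same user (plain and percent-encoded), one .php request under uploads.
SAMPLE_ACCESS_LOG = [
    '203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123',
    '203.0.113.10 - contrib1 [12/Mar/2024:10:02:15 +0000] "GET /?render_raw=1&file=../../wp-config.php HTTP/1.1" 200 2048',
    '203.0.113.10 - contrib1 [12/Mar/2024:10:02:40 +0000] "GET /?render_raw=1&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2024:10:05:00 +0000] "GET /wp-content/uploads/2024/03/x.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    v = parse_plugin_version(SAMPLE_PLUGIN_HEADER)
    print("installed", ".".join(map(str, v)), "vulnerable:", is_vulnerable(v))
    for hit in scan_log(SAMPLE_ACCESS_LOG):
        print(hit["user"], hit["ip"], hit["path"], hit["reasons"])
    print(count_by_client(scan_log(SAMPLE_ACCESS_LOG)))
```

On a real host, feed `parse_plugin_version` the contents of the elementskit-lite.php file the grep command above reads, and `scan_log` the web server's access log; a `count_by_client` entry with several hits for one account is the "multiple attempts from the same user" indicator listed above.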
🔗 References
- https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.5/widgets/testimonial/testimonial.php#L2458
- https://plugins.trac.wordpress.org/changeset/3054091/elementskit-lite/tags/3.0.7/widgets/testimonial/testimonial.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/413e6326-14c6-4734-8adc-114a7842c574?source=cve