CVE-2024-2385
📋 TL;DR
This vulnerability allows authenticated attackers with contributor-level access or higher to perform Local File Inclusion via the 'style' attribute in several widgets of the Elementor Addons by Livemesh plugin. This enables execution of arbitrary PHP code on the server, potentially leading to data theft, access control bypass, or full system compromise. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Elementor Addons by Livemesh WordPress plugin
📦 What is this software?
Addons For Elementor by Livemesh, a WordPress plugin that adds extra widgets to the Elementor page builder.
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data exfiltration, ransomware deployment, or complete site takeover through arbitrary code execution.
Likely Case
Unauthorized file access leading to sensitive data exposure, privilege escalation, or backdoor installation.
If Mitigated
Limited impact if proper file upload restrictions and server hardening are in place, though file inclusion may still expose sensitive information.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. Multiple proof-of-concept references exist in public sources.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.3.8 or later
Vendor Advisory: https://wordpress.org/plugins/addons-for-elementor/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Elementor Addons by Livemesh'.
4. Click 'Update Now' if available.
5. Alternatively, download version 8.3.8+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Elementor Addons by Livemesh plugin until patched:
wp plugin deactivate addons-for-elementor
Restrict contributor access
Temporarily remove contributor-level access for untrusted users.
🧯 If You Can't Patch
- Implement strict file upload restrictions and disable PHP execution in upload directories
- Deploy web application firewall rules to block local file inclusion patterns
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins. If Elementor Addons by Livemesh version is 8.3.7 or lower, you are vulnerable.
Check Version:
wp plugin get addons-for-elementor --field=version
Verify Fix Applied:
Verify plugin version is 8.3.8 or higher after update. Test that widgets with 'style' attributes no longer accept file paths.
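The version check above is easy to get wrong with a plain string comparison (for example "8.3.10" sorts before "8.3.8" as text). The script below is an added example, not part of this advisory or the plugin: it reads the version from the `wp plugin get addons-for-elementor --field=version` command shown above when wp-cli is on PATH (the `--path=` argument is wp-cli's standard site-root option), and compares it numerically against the fixed release 8.3.8. The `installed_version` helper and its handling of a missing plugin are assumptions about how you would wire it into a check.

```python
"""Decide whether an installed Addons for Elementor version is below the
fixed release 8.3.8 named in this advisory.

Added example, not part of the advisory or the plugin. Reads the version
from wp-cli when available, or from a string you pass in, and compares
numerically so that 8.3.10 is treated as newer than 8.3.8.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "8.3.8"   # fixed release named in the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.3.8', 'v8.3.10' or '8.3' into a comparable tuple of ints,
    padded to at least three components. Pre-release suffixes such as
    '-beta1' are ignored (simplification). Raises ValueError on junk."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def installed_version(path: str = ".") -> Optional[str]:
    """Ask wp-cli for the plugin version (the command from the advisory).
    Returns None if wp-cli is absent or the command fails, which is what
    happens when the plugin is not installed at all."""
    if shutil.which("wp") is None:
        return None
    result = subprocess.run(
        ["wp", "plugin", "get", "addons-for-elementor", "--field=version",
         f"--path={path}"],
        capture_output=True, text=True)
    if result.returncode != 0:
        return None
    return result.stdout.strip()


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print("plugin not installed or wp-cli unavailable")
    elif is_vulnerable(v):
        print(f"version {v} is vulnerable: update to {FIXED_VERSION} or later")
    else:
        print(f"version {v} is at or above {FIXED_VERSION}")
```

Run it from the WordPress root (or pass the site path to `installed_version`); a non-zero wp-cli exit is treated as "not installed" rather than "safe", so check the printed message rather than only the exit code.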
📡 Detection & Monitoring
Log Indicators:
- Unusual file path patterns in POST requests to /wp-admin/admin-ajax.php
- Multiple failed authentication attempts followed by successful contributor login
- PHP file inclusion attempts in widget parameter logs
Network Indicators:
- POST requests containing file paths in 'style' parameters
- Unusual outbound connections from web server after successful exploitation
SIEM Query:
source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" AND (param="style" CONTAINS "../" OR param="style" CONTAINS "/etc/" OR param="style" CONTAINS "/proc/"))
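The SIEM query above assumes the request parameters are already parsed into fields. As an added example (not from this advisory), the following script applies the same logic to a file of request events: it looks at POSTs to /wp-admin/admin-ajax.php, walks nested parameters (Elementor widget settings arrive nested, so a 'style' key can sit several levels down), URL-decodes values before matching so that encoded traversal such as %2e%2e%2f is not missed, and flags the "../", "/etc/" and "/proc/" patterns from the query. The JSON-lines input format, its field names, the sample events, and the addition of the php:// and file:// stream-wrapper patterns are all assumptions; map the field names to whatever your WAF or request logger actually emits.

```python
"""Flag admin-ajax.php requests whose 'style' parameter looks like a file
path: the local file inclusion indicator this advisory's SIEM query describes.

Added example, not from the advisory. Input format is an assumption: one JSON
object per line with the fields the query names (uri_path, parameter names
and values) plus ts, src_ip, user and method.
"""
import json
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import unquote

# Patterns from the advisory's SIEM query ("../", "/etc/", "/proc/") plus PHP
# stream wrappers, which are an assumption commonly included in LFI rules.
LFI_PATTERNS = re.compile(r"\.\./|/etc/|/proc/|php://|file://", re.IGNORECASE)


def _decode(value: str) -> str:
    """URL-decode repeatedly (bounded) so that %2e%2e%2f and double-encoded
    variants are compared in decoded form."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def _walk_params(params, prefix=""):
    """Yield (dotted name, value) pairs from a flat or nested params object."""
    if isinstance(params, dict):
        for k, v in params.items():
            yield from _walk_params(v, f"{prefix}{k}.")
    elif isinstance(params, list):
        for i, v in enumerate(params):
            yield from _walk_params(v, f"{prefix}{i}.")
    else:
        yield prefix.rstrip("."), str(params)


def check_event(event: Dict) -> Optional[Dict]:
    """Return an alert dict for a suspicious event, else None."""
    if event.get("uri_path") != "/wp-admin/admin-ajax.php":
        return None
    for name, value in _walk_params(event.get("params", {})):
        if name.split(".")[-1] != "style":
            continue
        decoded = _decode(value)
        m = LFI_PATTERNS.search(decoded)
        if m:
            return {"ts": event.get("ts"), "src_ip": event.get("src_ip"),
                    "user": event.get("user"), "param": name,
                    "matched": m.group(0), "value": decoded}
    return None


def scan(lines: Iterable[str]) -> List[Dict]:
    """Parse JSON lines, skipping blank or malformed ones, and collect alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = check_event(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real traffic): one benign widget render, one
# plain traversal value, one URL-encoded traversal value, one unrelated GET.
SAMPLE_LOG = r"""
{"ts":"2024-03-12T10:00:01Z","src_ip":"198.51.100.7","user":"editor1","method":"POST","uri_path":"/wp-admin/admin-ajax.php","params":{"action":"elementor_ajax","actions":{"render":{"settings":{"style":"style-1"}}}}}
{"ts":"2024-03-12T10:00:05Z","src_ip":"203.0.113.9","user":"contrib2","method":"POST","uri_path":"/wp-admin/admin-ajax.php","params":{"action":"elementor_ajax","actions":{"render":{"settings":{"style":"../../../../etc/passwd"}}}}}
{"ts":"2024-03-12T10:00:09Z","src_ip":"203.0.113.9","user":"contrib2","method":"POST","uri_path":"/wp-admin/admin-ajax.php","params":{"style":"%2e%2e%2f%2e%2e%2fwp-config.php"}}
{"ts":"2024-03-12T10:00:12Z","src_ip":"192.0.2.4","user":"-","method":"GET","uri_path":"/wp-content/uploads/2024/03/a.png","params":{}}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

Two alerts are produced for the sample, both attributed to the same user and source address, which is the grouping you would pivot on in the SIEM; the decoding step is what catches the third line, which a query matching the raw string "../" would miss.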
🔗 References
- https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.5/includes/helper-functions.php#L726
- https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.5/includes/widgets/heading.php#L267
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0aa3ec9b-80d5-4e31-8045-43c8d151cab8?source=cve