CVE-2024-2751
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into web pages using the Exclusive Addons for Elementor plugin. The scripts execute whenever users view the compromised pages, enabling attackers to steal session cookies, redirect users, or perform other malicious actions. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Exclusive Addons for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, redirect users to malicious sites, deface websites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies or redirect visitors to phishing pages.
If Mitigated
With proper user access controls and content security policies, impact is limited to potential defacement of specific pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.9.3 and later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Exclusive Addons for Elementor'. 4. Click 'Update Now' if available, or download version 2.6.9.3+ from WordPress.org. 5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Exclusive Addons plugin until patched
wp plugin deactivate exclusive-addons-for-elementor
Restrict user roles
allRemove contributor access or implement strict role-based access control
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Regularly audit user accounts and remove unnecessary contributor-level access
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed PluginsCheck Version:
wp plugin get exclusive-addons-for-elementor --field=versionVerify Fix Applied:
Confirm plugin version is 2.6.9.3 or higher after update📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin with exad_infobox_animating_mask_style parameter
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- Unexpected script tags in page responses containing exad_infobox_animating_mask_style
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/*" AND query_string="*exad_infobox_animating_mask_style*" OR response_body="*exad_infobox_animating_mask_style*")🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3065677%40exclusive-addons-for-elementor%2Ftrunk&old=3051927%40exclusive-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file51
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3065677%40exclusive-addons-for-elementor%2Ftrunk&old=3051927%40exclusive-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file51
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=cve
