CVE-2024-3055
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level access or higher to perform time-based SQL injection attacks through the 'id' parameter in the Unlimited Elements For Elementor plugin. Attackers can extract sensitive information from the database by injecting malicious SQL queries. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin
📦 What is this software?
Unlimited Elements For Elementor by Unlimited Elements
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of user credentials, sensitive content, and potential privilege escalation leading to full site takeover.
Likely Case
Extraction of sensitive data such as user emails, hashed passwords, and private content from the database.
If Mitigated
Limited data exposure if proper input validation and prepared statements are implemented, with minimal impact on site functionality.
🎯 Exploit Status
Exploitation requires an authenticated account (contributor level or higher) but otherwise uses standard SQL injection techniques. Because the attack is time-based, the injected query returns no data in the response; the attacker infers results from response delays, which leaves fewer traces in application output than error-based injection and makes detection more difficult.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.103 or later (any version after 1.5.102)
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Unlimited Elements For Elementor'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 1.5.103 or later from WordPress.org.
6. Deactivate and delete the old plugin.
7. Upload and activate the new version.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until the patched version is installed
wp plugin deactivate unlimited-elements-for-elementor
Input Validation via WAF
Configure the web application firewall to block SQL injection patterns
🧯 If You Can't Patch
- Remove contributor and higher access from untrusted users
- Implement network segmentation to limit database access
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Unlimited Elements For Elementor → Version number. If version is 1.5.102 or lower, you are vulnerable.
Check Version:
wp plugin get unlimited-elements-for-elementor --field=version
Verify Fix Applied:
Verify plugin version is 1.5.103 or higher in WordPress admin panel. Check that the db.class.php file no longer contains vulnerable code at line 238.
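The version check above is easy to get wrong if the output of WP-CLI is compared as text: "1.5.93" sorts after "1.5.103" as a string even though it is older. The following script is an added example for this advisory, not code from the plugin or from WordPress; it parses the string printed by `wp plugin get unlimited-elements-for-elementor --field=version`, compares it numerically against the first fixed release named above (1.5.103), and reports whether the install is in the vulnerable range. The `main()` helper that shells out to `wp` is an assumption about how you would wire it into a check; the parsing and comparison functions run offline.

```python
"""Added example (not part of the advisory or the plugin): decide whether an
installed Unlimited Elements For Elementor build is in the range the advisory
calls vulnerable (1.5.102 and lower). Input is the bare version string that
`wp plugin get <slug> --field=version` prints."""
import subprocess
from typing import Tuple

PLUGIN_SLUG = "unlimited-elements-for-elementor"   # slug used in the advisory's WP-CLI commands
FIXED_VERSION = "1.5.103"                          # first fixed release named in the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.5.102' into (1, 5, 102) so components compare as integers.

    Plain string comparison is the classic pitfall here: '1.5.93' > '1.5.103'
    as text, so a naive check would report an old build as patched.
    Non-numeric suffixes such as '-beta' are ignored for the comparison.
    """
    text = text.strip()
    if not text:
        raise ValueError("empty version string")
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the first fixed release.

    Tuple comparison handles different lengths: (1, 5) < (1, 5, 103) and
    (1, 6) > (1, 5, 103), which matches how WordPress plugin versions order.
    """
    return parse_version(installed) < parse_version(fixed)


def assess(wp_cli_output: str) -> str:
    """Map WP-CLI's version output to a one-word status for scripting."""
    return "VULNERABLE" if is_vulnerable(wp_cli_output) else "PATCHED"


def main() -> int:
    """Query WP-CLI on this host and exit 1 if the install is vulnerable.

    This wiring is an assumption for the example; run it from the WordPress
    root where `wp` resolves the site."""
    try:
        result = subprocess.run(
            ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"],
            capture_output=True, text=True, check=True,
        )
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print(f"could not query WP-CLI: {exc}")
        return 2
    version = result.stdout.strip()
    status = assess(version)
    print(f"{PLUGIN_SLUG} {version}: {status} (fix: {FIXED_VERSION} or later, CVE-2024-3055)")
    return 1 if status == "VULNERABLE" else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Because `assess()` returns a status word and `main()` maps it to an exit code, the same script drops into a cron job or a fleet-wide check without further parsing.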
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries with time delays
- Multiple failed SQL injection attempts from same user
- Unusual database access patterns from WordPress application
Network Indicators:
- HTTP POST requests with SQL injection patterns in 'id' parameter
- Unusually long response times for specific plugin endpoints
SIEM Query:
source="wordpress.log" AND ("unlimited-elements" OR "db.class.php") AND ("sleep" OR "benchmark" OR "waitfor delay")
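The SIEM query above keys on three time-based SQL keywords; the script below is an added example for this advisory (not code from the plugin, Wordfence or any SIEM vendor) that applies the same indicators to web-server access log lines offline: time-based SQL keywords in a decoded 'id' parameter of requests that touch the plugin, response times above a threshold on those requests, and repeated hits from one client. It assumes the nginx "combined" format with `$request_time` appended as a final field; the sample lines, the client addresses, the plugin endpoint path and the 5-second threshold are all constructed for the example and are not the plugin's real endpoint or real traffic. One caveat the advisory's network indicators imply but do not spell out: POST bodies are not in an access log, so for POST requests only the slow-response and volume rules can fire unless a WAF or application log records the body parameters.

```python
"""Added example (not part of the advisory): scan access log lines for the
indicators the advisory lists for CVE-2024-3055. Log format assumed: nginx
"combined" with $request_time appended. Sample lines below are constructed;
the endpoint path is a placeholder, not the plugin's real endpoint."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

PLUGIN_MARKER = "unlimited-elements"   # path term from the advisory's SIEM query
SLOW_SECONDS = 5.0                     # constructed threshold for "unusually long response"
# The three time-based keywords named in the advisory's SIEM query.
TIME_BASED_SQL = re.compile(r"sleep\s*\(|benchmark\s*\(|waitfor\s+delay", re.I)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)

# Constructed sample: one client probing with the advisory's keywords, one
# normal user of the same endpoint, one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - contrib1 [12/Apr/2024:10:15:01 +0000] "GET /wp-content/plugins/unlimited-elements-for-elementor/example-endpoint.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0" 5.031
203.0.113.7 - contrib1 [12/Apr/2024:10:15:09 +0000] "GET /wp-content/plugins/unlimited-elements-for-elementor/example-endpoint.php?id=1%20AND%20BENCHMARK(1,1) HTTP/1.1" 200 512 "-" "Mozilla/5.0" 4.870
203.0.113.7 - contrib1 [12/Apr/2024:10:15:20 +0000] "POST /wp-content/plugins/unlimited-elements-for-elementor/example-endpoint.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" 5.102
198.51.100.3 - editor2 [12/Apr/2024:10:16:00 +0000] "GET /wp-content/plugins/unlimited-elements-for-elementor/example-endpoint.php?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 0.087
198.51.100.9 - - [12/Apr/2024:10:16:30 +0000] "GET /?p=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 0.120
"""


def parse_line(line: str) -> Optional[Dict]:
    """Parse one combined+request_time line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs percent-decodes values, so "1%20AND%20SLEEP(5)" becomes "1 AND SLEEP(5)".
    rec["params"] = parse_qs(url.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    rec["rt"] = float(rec["rt"])
    return rec


def classify(rec: Dict) -> List[str]:
    """Return the advisory indicators a parsed request matches (empty if none)."""
    hits: List[str] = []
    if PLUGIN_MARKER not in rec["path"]:
        return hits                      # only plugin traffic is in scope
    if any(TIME_BASED_SQL.search(v) for v in rec["params"].get("id", [])):
        hits.append("time-based-sql-in-id")
    if rec["rt"] >= SLOW_SECONDS:
        hits.append("slow-response")     # fires for POSTs too, where the body is not logged
    return hits


def scan(log_text: str) -> Tuple[List[Dict], Dict[Tuple[str, str], int]]:
    """Scan log text; return per-request alerts and clients with repeated alerts."""
    alerts: List[Dict] = []
    per_client: Counter = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        hits = classify(rec)
        if hits:
            alerts.append({"ip": rec["ip"], "user": rec["user"],
                           "method": rec["method"], "indicators": hits})
            per_client[(rec["ip"], rec["user"])] += 1
    # "Multiple attempts from the same user" from the advisory's log indicators.
    repeat = {client: n for client, n in per_client.items() if n >= 2}
    return alerts, repeat


if __name__ == "__main__":
    found, repeaters = scan(SAMPLE_LOG)
    for a in found:
        print(f'{a["ip"]} user={a["user"]} {a["method"]} -> {", ".join(a["indicators"])}')
    for (ip, user), n in repeaters.items():
        print(f"repeat offender: {ip} user={user} ({n} flagged requests)")
```

On the constructed sample the first two GETs are flagged on the 'id' parameter, the POST is flagged only by its response time, the legitimate `id=42` request and the unrelated page view pass, and the single client behind all three alerts is reported as a repeat offender. Tune `SLOW_SECONDS` to the endpoint's normal latency before relying on the slow-response rule alone.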
🔗 References
- https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/1.5.93/inc_php/framework/db.class.php#L238
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3081509%40unlimited-elements-for-elementor%2Ftrunk&old=3076456%40unlimited-elements-for-elementor%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ebc0c8e6-a365-4ef7-9c1a-41454855096c?source=cve