CVE-2024-32786
📋 TL;DR
This CVE describes an authentication bypass vulnerability in the Royal Elementor Addons WordPress plugin that allows attackers to spoof IP addresses and bypass intended functionality restrictions. It affects all WordPress sites using Royal Elementor Addons versions up to 1.3.93. Attackers can exploit this to access restricted features without proper authentication.
💻 Affected Systems
- Royal Elementor Addons and Templates (WordPress plugin)
📦 What is this software?
Royal Elementor Addons and Templates, a WordPress plugin published by Royal Elementor Addons
⚠️ Risk & Real-World Impact
Worst Case
Attackers could gain unauthorized access to administrative features, modify site content, or access sensitive data by bypassing IP-based restrictions.
Likely Case
Attackers bypass IP-based access controls to view or use functionality intended only for specific IP addresses, potentially accessing restricted content or features.
If Mitigated
With proper network segmentation and additional authentication layers, impact is limited to the specific bypassed functionality.
🎯 Exploit Status
The vulnerability involves IP spoofing, which is relatively straightforward to execute with basic networking knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.94 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-93-ip-bypass-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Royal Elementor Addons and Templates'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.3.94+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Royal Elementor Addons plugin until patched:
wp plugin deactivate royal-elementor-addons
Implement web application firewall rules
Block suspicious IP spoofing attempts at the WAF level
🧯 If You Can't Patch
- Implement additional authentication layers for IP-restricted functionality
- Monitor logs for unusual IP address patterns or unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Royal Elementor Addons version. If the version is 1.3.93 or lower, the site is vulnerable.
Check Version:
wp plugin get royal-elementor-addons --field=version
Verify Fix Applied:
Verify plugin version is 1.3.94 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts from spoofed IPs
- Access to restricted endpoints from unexpected IP ranges
Network Indicators:
- HTTP requests with spoofed X-Forwarded-For headers
- Unusual IP address patterns in web server logs
SIEM Query:
source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "royal-elementor") AND (src_ip NOT IN allowed_ips)
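The network indicators and SIEM query above both hinge on one question: is the address in X-Forwarded-For actually where the request came from? The following Python script is an added example, not code from the advisory or from the plugin. It resolves the client address the hardened way (the forwarded header is only honoured when the TCP peer is one of your own reverse proxies) and then runs that logic over a few constructed access-log lines, flagging untrusted peers that present a header claiming an allow-listed address and watched paths reached from outside the allow-list. The trusted-proxy range, the allow-list, the log lines and the query-string action name are all constructed for the example.

```python
"""Detect X-Forwarded-For spoofing against IP-restricted WordPress endpoints.

Added example (not from the advisory or the plugin). The forwarded header is
attacker-controlled text, so it is only meaningful when the TCP peer is a
trusted reverse proxy; every other request is attributed to the peer itself.
"""
import ipaddress
import re
from typing import Iterable, Optional

# Assumed deployment values (constructed for this example).
TRUSTED_PROXIES = [ipaddress.ip_network("10.1.1.0/24")]  # proxies allowed to set X-Forwarded-For
ALLOWED_IPS = [ipaddress.ip_network("10.0.0.0/24")]      # addresses the IP restriction permits
# Request paths singled out by the advisory's SIEM query.
WATCHED_PATH_RE = re.compile(r"/wp-admin/admin-ajax\.php|royal-elementor")

# Combined log format with X-Forwarded-For logged as the final quoted field
# (Apache %{X-Forwarded-For}i, nginx $http_x_forwarded_for).
LOG_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

# Constructed sample log lines; the query-string action is a placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "10.0.0.5"
10.1.1.9 - - [10/Apr/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_action HTTP/1.1" 200 100 "-" "curl/8.0" "10.0.0.5"
198.51.100.4 - - [10/Apr/2024:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"
203.0.113.7 - - [10/Apr/2024:12:00:04 +0000] "GET /wp-content/plugins/royal-elementor-addons/readme.txt HTTP/1.1" 200 300 "-" "Mozilla/5.0" "-"
10.1.1.9 - - [10/Apr/2024:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "198.51.100.4, 10.1.1.3"
"""


def in_any(ip, networks) -> bool:
    return any(ip in net for net in networks)


def effective_client_ip(remote: str, xff: str, trusted_proxies=TRUSTED_PROXIES):
    """Hardened resolution: trust X-Forwarded-For only behind our own proxies.

    Walk the hop list from the right, skipping our proxies, and take the first
    address that is not ours. A malformed header is ignored entirely.
    """
    peer = ipaddress.ip_address(remote)
    if not in_any(peer, trusted_proxies) or xff in ("", "-"):
        return peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: do not trust any of it
        if not in_any(candidate, trusted_proxies):
            return candidate
    return peer


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(lines: Iterable[str], trusted_proxies=TRUSTED_PROXIES, allowed_ips=ALLOWED_IPS):
    """Return (line_no, reason, remote, x_forwarded_for, effective_ip) findings."""
    findings = []
    for n, line in enumerate(lines, start=1):
        rec = parse_line(line)
        if rec is None or not WATCHED_PATH_RE.search(rec["path"]):
            continue
        remote, xff = rec["remote"], rec["xff"]
        client = effective_client_ip(remote, xff, trusted_proxies)
        # An untrusted peer claiming an allow-listed address is the spoof itself.
        if xff not in ("", "-") and not in_any(ipaddress.ip_address(remote), trusted_proxies):
            claimed = xff.split(",")[0].strip()
            try:
                if in_any(ipaddress.ip_address(claimed), allowed_ips):
                    findings.append((n, "spoofed-xff", remote, xff, str(client)))
                    continue
            except ValueError:
                findings.append((n, "malformed-xff", remote, xff, str(client)))
                continue
        # Mirrors the SIEM query: watched path reached from outside the allow-list.
        if not in_any(client, allowed_ips):
            findings.append((n, "unexpected-source", remote, xff, str(client)))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

Line 1 is flagged as a spoof because the peer is not a proxy yet claims an allow-listed address; line 2 is clean because the claim arrives via a trusted proxy; line 5 shows the hop walk discarding the proxy's own address and attributing the request to 198.51.100.4. The same resolution rule is what a PHP application should apply before comparing a client address against an allow-list.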
🔗 References
- https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-93-ip-bypass-vulnerability?_s_id=cve