CVE-2024-34374
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in ElementsReady Addons for Elementor allows attackers to inject malicious scripts into web pages. When users view affected pages, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. WordPress sites using vulnerable versions of this Elementor addon are affected.
💻 Affected Systems
- ElementsReady Addons for Elementor
📦 What is this software?
Elementsready by Quomodosoft
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over WordPress sites, deface websites, or redirect visitors to malicious sites, leading to complete site compromise and data theft.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, perform actions as authenticated users, or display phishing content to visitors.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before reaching users' browsers, preventing exploitation.
🎯 Exploit Status
Stored XSS vulnerabilities are commonly exploited. While no public proof-of-concept is confirmed, the vulnerability type is well-understood and easily weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 5.8.0
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'ElementsReady Addons for Elementor'. 4. Click 'Update Now' if available, or manually update to latest version. 5. Verify update completes successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the ElementsReady Addons plugin until patched
wp plugin deactivate element-ready-lite
Implement Content Security Policy
allAdd CSP headers to restrict script execution sources
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or use WordPress CSP plugin
🧯 If You Can't Patch
- Remove or disable the ElementsReady Addons plugin entirely
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'ElementsReady Addons' version ≤5.8.0Check Version:
wp plugin get element-ready-lite --field=versionVerify Fix Applied:
Verify plugin version is >5.8.0 in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to Elementor endpoints
- Suspicious script tags in form submissions
- Multiple failed XSS attempts in web server logs
Network Indicators:
- Malicious JavaScript payloads in HTTP requests
- Unexpected script sources loading on pages
SIEM Query:
source="web_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=") AND uri="*elementor*"🔗 References
- https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-5-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-5-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve
