CVE-2024-3668

8.8 HIGH

📋 TL;DR

The PowerPack Pro for Elementor WordPress plugin allows authenticated attackers with contributor-level access or higher to escalate privileges to administrator. Attackers can create registration forms with administrator as the default role and register themselves as administrators. All WordPress sites using PowerPack Pro for Elementor up to version 2.10.17 are affected.

💻 Affected Systems

Products:
  • PowerPack Pro for Elementor WordPress Plugin
Versions: All versions up to and including 2.10.17
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with PowerPack Pro for Elementor plugin installed. Attackers need at least contributor-level authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover: attackers gain full administrative control and can install malicious plugins or themes, steal sensitive data, deface the site, or establish persistent backdoors.

🟠 Likely Case

Attackers with existing low-privilege accounts (contributors, authors, editors) elevate to administrators and compromise the WordPress installation.

🟢 If Mitigated

With proper access controls and monitoring, privilege escalation attempts are detected and blocked before successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has contributor or higher privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.10.18 and later

Vendor Advisory: https://powerpackelements.com/change-logs/

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find PowerPack Pro for Elementor.
  4. Click 'Update Now' if an update is available.
  5. Alternatively, download version 2.10.18+ from the vendor and update manually.

🔧 Temporary Workarounds

Disable User Registration Forms (applies to: all)

Temporarily disable or remove any PowerPack Pro registration forms from your site until patched.

Restrict Contributor Access (applies to: all)

Review and remove contributor-level access from untrusted users until the plugin is updated.

🧯 If You Can't Patch

  • Disable or uninstall the PowerPack Pro for Elementor plugin completely
  • Implement strict user access controls and monitor for suspicious user role changes (in particular any change to the administrator role not performed by a known administrator)

🔍 How to Verify

Check if Vulnerable:

In WordPress admin, go to Plugins → Installed Plugins and read the PowerPack Pro for Elementor version. If the version is 2.10.17 or lower, the site is vulnerable.

Check Version:

wp plugin list --name='PowerPack Pro for Elementor' --field=version

Verify Fix Applied:

After updating, verify PowerPack Pro for Elementor version is 2.10.18 or higher in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected user role changes from low to high privileges (e.g. contributor → administrator), especially where the acting user is the same account being promoted
  • Multiple user registration attempts in a short window, or registrations whose initial role is administrator
  • PowerPack Pro form creation/modification logs, in particular registration forms whose default role is set to administrator

Network Indicators:

  • POST requests to PowerPack Pro registration endpoints with role parameters

SIEM Query:

SELECT * FROM wordpress_logs WHERE event_type IN ('user_role_change', 'plugin_form_submission') AND plugin_name='PowerPack Pro'
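The indicators above can be checked automatically. The following Python script is an added example (not part of this advisory or of the PowerPack Pro plugin) that runs the two detection rules over audit-log lines: a role change where the new role outranks the old one, and a registration that lands directly in the administrator role, plus a simple per-IP registration burst count. The key=value log format and the sample lines are constructed for the example; WordPress core does not write such lines by itself, so an audit-log plugin or a custom hook on `set_user_role` / `user_register` would have to produce them, and `parse_line()` should be adapted to whatever format your logger emits.

```python
"""Detection for CVE-2024-3668-style privilege escalation in WordPress
audit logs: low-privilege users becoming administrators, and registrations
that start out as administrator.  Log format below is CONSTRUCTED for this
example (space-separated key=value fields); adapt parse_line() as needed."""
import re
from collections import Counter

# WordPress built-in roles, lowest to highest capability.
ROLE_RANK = {
    "subscriber": 0,
    "contributor": 1,
    "author": 2,
    "editor": 3,
    "administrator": 4,
}

# key=value, where value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def find_escalations(lines):
    """Flag (a) role changes where the new role outranks the old one and
    (b) registrations whose initial role is administrator."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        etype = ev.get("event")
        if etype == "user_role_change":
            old, new = ev.get("old_role"), ev.get("new_role")
            # Unknown roles rank -1 so a typo never hides a promotion.
            if ROLE_RANK.get(new, -1) > ROLE_RANK.get(old, -1):
                alerts.append({"type": "escalation", "user": ev.get("user"),
                               "from": old, "to": new, "actor": ev.get("actor")})
        elif etype == "user_register" and ev.get("role") == "administrator":
            alerts.append({"type": "admin_registration", "user": ev.get("user"),
                           "source": ev.get("source"), "ip": ev.get("ip")})
    return alerts


def registration_bursts(lines, threshold=3):
    """Count user_register events per source IP; return IPs at or above threshold."""
    counts = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev.get("event") == "user_register":
            counts[ev.get("ip", "?")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log: one benign registration, one demotion (not an
# alert), three admin registrations from one IP via a registration form,
# and a contributor promoting herself to administrator.
SAMPLE_LOG = [
    '2024-05-01T10:00:01Z event=user_register user=alice role=subscriber source=wp-login ip=203.0.113.5',
    '2024-05-01T10:02:10Z event=user_role_change user=bob old_role=administrator new_role=editor actor=admin',
    '2024-05-01T10:05:00Z event=user_register user=mallory role=administrator source="registration form" ip=198.51.100.7',
    '2024-05-01T10:05:01Z event=user_register user=mallory2 role=administrator source="registration form" ip=198.51.100.7',
    '2024-05-01T10:05:02Z event=user_register user=mallory3 role=administrator source="registration form" ip=198.51.100.7',
    '2024-05-01T10:07:00Z event=user_role_change user=carol old_role=contributor new_role=administrator actor=carol',
]

if __name__ == "__main__":
    for alert in find_escalations(SAMPLE_LOG):
        print(alert)
    print("registration bursts:", registration_bursts(SAMPLE_LOG))
```

On the sample log the script reports three admin registrations and carol's self-promotion, and the burst rule names 198.51.100.7; bob's change is a demotion and is correctly ignored. In production, feed it the audit-log export and treat any "escalation" alert whose actor equals the promoted user as a high-priority event.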
