CVE-2024-3675
📋 TL;DR
This stored XSS vulnerability in the Royal Elementor Addons WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts into web pages. The scripts execute when users visit compromised pages, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress plugin
📦 What is this software?
Royal Elementor Addons by Royal Elementor Addons
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect visitors to malicious sites, or install backdoors for persistent access.
Likely Case
Session hijacking, credential theft, or website defacement by exploiting contributor accounts.
If Mitigated
Limited impact if proper user access controls and input validation are in place.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.972 or later
Vendor Advisory: https://wordpress.org/plugins/royal-elementor-addons/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Royal Elementor Addons.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable widgets
Temporarily disable the Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in the plugin settings.
Restrict user roles
Limit contributor-level access to trusted users only and implement strong authentication.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact
- Use web application firewall (WAF) rules to block XSS payloads in widget parameters
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin panel under Plugins > Installed Plugins. If version is 1.3.971 or lower, you are vulnerable.
Check Version:
wp plugin list --name=royal-elementor-addons --field=version
Verify Fix Applied:
Verify plugin version is 1.3.972 or higher after update. Test widget functionality to ensure no regression.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to widget update endpoints
- Suspicious JavaScript in page content
Network Indicators:
- Malicious script payloads in HTTP requests to widget parameters
SIEM Query:
source="wordpress.log" AND ("wpr-flip-box" OR "wpr-flip-carousel" OR "wpr-grid" OR "wpr-taxonomy-list") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
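The version check above and the SIEM query are easy to get subtly wrong: version strings must be compared numerically (a string compare puts "1.3.1000" below "1.3.972"), and request bodies are usually URL-encoded, so "<script>" arrives as "%3Cscript%3E" and a literal match misses it. The following is an added example, not code from the advisory or the plugin, that applies both checks to constructed log lines; the log format, widget field names and the alert payload are assumed for illustration.

```python
import re
from typing import Iterable
from urllib.parse import unquote

FIXED_VERSION = (1, 3, 972)  # first patched release named in the advisory

# Widget handles from the advisory's SIEM query
WIDGET_MARKERS = ("wpr-flip-box", "wpr-flip-carousel", "wpr-grid", "wpr-taxonomy-list")
# Script markers from the same query; "<script" (no closing bracket) also catches
# "<script src=...>" and is matched case-insensitively
SCRIPT_MARKERS = re.compile(r"<script|javascript:|onerror=|onload=", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.3.971' into (1, 3, 971) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(installed: str) -> bool:
    """True when the installed version is 1.3.971 or lower (below the fixed release)."""
    return parse_version(installed) < FIXED_VERSION


def matches_indicator(line: str) -> bool:
    """Mirror the SIEM query on one log line: a vulnerable-widget handle AND a
    script marker must both be present. The line is URL-decoded first so that
    encoded POST bodies (%3Cscript%3E) are not missed."""
    decoded = unquote(line)
    lowered = decoded.lower()
    has_widget = any(marker in lowered for marker in WIDGET_MARKERS)
    return has_widget and SCRIPT_MARKERS.search(decoded) is not None


def find_suspicious(lines: Iterable[str]) -> list[str]:
    """Return only the log lines that satisfy both halves of the indicator."""
    return [line for line in lines if matches_indicator(line)]


# Constructed sample lines in a simplified access-log style (not real traffic);
# the field names and payload are illustrative assumptions
SAMPLE_LOG = [
    # encoded payload in a widget save: should match
    'POST /wp-admin/admin-ajax.php 200 body="widget=wpr-flip-box&title=%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    # widget handle present, no script marker: benign
    'GET /?p=12&widget=wpr-grid 200 body=""',
    # script marker present but no vulnerable widget: outside this indicator
    'POST /wp-admin/admin-ajax.php 200 body="text=%3Cimg%20onerror%3Dalert(1)%3E"',
    # upper-case tag in a carousel save: still matches after case folding
    'POST /wp-admin/admin-ajax.php 200 body="widget=wpr-flip-carousel&html=<SCRIPT>x</SCRIPT>"',
]

if __name__ == "__main__":
    for ver in ("1.3.971", "1.3.972", "1.3.1000"):
        print(ver, "vulnerable" if is_vulnerable(ver) else "patched")
    for hit in find_suspicious(SAMPLE_LOG):
        print("ALERT:", hit)
```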
🔗 References
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/flip-box/widgets/wpr-flip-box.php#L1903
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/flip-carousel/widgets/wpr-flip-carousel.php#L1191
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/grid/widgets/wpr-grid.php#L8567
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/taxonomy-list/widgets/wpr-taxonomy-list.php#L621
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3072880%40royal-elementor-addons&new=3072880%40royal-elementor-addons&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/337cbec1-c8a8-41b5-8c32-779be671120f?source=cve