CVE-2024-37089
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform path traversal attacks, leading to local file inclusion in the Consulting Elementor Widgets WordPress plugin. Attackers can read sensitive files on the server, potentially exposing configuration files, credentials, or other sensitive data. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- StylemixThemes Consulting Elementor Widgets WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via reading sensitive files like wp-config.php (containing database credentials), followed by database takeover, code execution, or site defacement.
Likely Case
Information disclosure of sensitive server files, potentially exposing database credentials, configuration files, or other sensitive data that could lead to further attacks.
If Mitigated
Limited impact with proper file permissions and web server configurations that restrict access to sensitive directories.
🎯 Exploit Status
Simple path traversal payloads can be used to read files. Public exploit details are available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Consulting Elementor Widgets'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.3.1+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until it is patched.
Web Application Firewall Rule
Block path traversal patterns in requests.
Example ModSecurity rule: SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403,msg:'Path Traversal Attempt'"
Note that this rule inspects only request arguments (which ModSecurity URL-decodes); a traversal sequence placed in the request path itself needs a matching rule on REQUEST_URI.
🧯 If You Can't Patch
- Implement strict file permissions (e.g., 644 for files, 755 for directories) and ensure the web server process cannot read sensitive directories it does not need
- Deploy web application firewall (WAF) with path traversal protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Consulting Elementor Widgets' at version ≤ 1.3.0
Check Version:
wp plugin list --name='consulting-elementor-widgets' --field=version (if WP-CLI installed)
Verify Fix Applied:
Verify plugin version is 1.3.1 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' or similar path traversal patterns to plugin endpoints
- Unusual file access patterns from web server process
Network Indicators:
- HTTP requests with path traversal payloads (e.g., GET /wp-content/plugins/consulting-elementor-widgets/../../wp-config.php)
SIEM Query:
source="web_server_logs" AND (uri="*consulting-elementor-widgets*" AND (uri="*../*" OR uri="*..\\*"))
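The following is an added detection example, not part of the original advisory, that applies the SIEM query's logic to raw web-server access logs: it parses combined-format lines, percent-decodes the URI until it stops changing (so %2e%2e%2f and double-encoded variants collapse to ../), and flags requests to the plugin directory that carry a traversal sequence. The log format, the plugin path filter and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Apache/Nginx "combined" access-log shape (assumed; adjust to your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
PLUGIN_PATH = "/wp-content/plugins/consulting-elementor-widgets/"
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\)')   # matches ../ and ..\


def normalize_uri(uri: str) -> str:
    """Percent-decode until stable, so single- and double-encoded dots/slashes become literal."""
    prev = None
    while prev != uri:
        prev, uri = uri, unquote(uri)
    return uri


def is_traversal_attempt(uri: str) -> bool:
    """True when the request targets the plugin directory and contains a traversal sequence."""
    decoded = normalize_uri(uri)
    return PLUGIN_PATH in decoded and bool(TRAVERSAL_RE.search(decoded))


def scan_log(lines):
    """Return (client_ip, raw_uri, status) for every line the SIEM query above would flag."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m.group("uri")):
            hits.append((m.group("ip"), m.group("uri"), int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/consulting-elementor-widgets/assets/x.css HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/consulting-elementor-widgets/../../wp-config.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/consulting-elementor-widgets/%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 403 0',
    '203.0.113.9 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-content/plugins/other-plugin/../../wp-config.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("traversal attempt:", hit)   # a 200 status on a hit warrants incident review
```

A hit with status 200 on an unpatched install should be treated as a possible successful read; a 403 indicates the WAF or server blocked it.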
🔗 References
- https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve