CVE-2024-37479
📋 TL;DR
This Local File Inclusion vulnerability in LA-Studio Element Kit for Elementor allows attackers to include arbitrary local files via the 'progress_type' attribute in the Progress Bar widget. This affects WordPress sites using the vulnerable plugin versions, potentially exposing sensitive server files. Attackers can exploit this to read configuration files, source code, or other sensitive data.
💻 Affected Systems
- LA-Studio Element Kit for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like wp-config.php (containing database credentials), followed by database access, privilege escalation, or remote code execution.
Likely Case
Information disclosure of sensitive files including configuration files, source code, or user data stored on the server.
If Mitigated
Limited impact with proper file permissions and web server configurations that restrict access to sensitive directories.
🎯 Exploit Status
Exploitation requires contributor-level access or higher to create/edit posts with Elementor. The vulnerability is in the Progress Bar widget configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.8.2 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'LA-Studio Element Kit for Elementor'.
4. Click 'Update Now' if available, or download version 1.3.8.2+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable Progress Bar Widget
Temporarily disable the vulnerable Progress Bar widget until patching is possible.
Add to the theme's functions.php:
    add_filter('elementor/widgets/register', function($widgets_manager) {
        $widgets_manager->unregister('lastudiokit-progress-bar');
    });
Restrict User Roles
Limit post editing capabilities to trusted administrators only.
Use WordPress role management plugins or add role restrictions in wp-config.php
🧯 If You Can't Patch
- Remove or deactivate the LA-Studio Element Kit plugin entirely
- Implement strict file permissions (chmod 600 for sensitive files, chmod 755 for directories)
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for LA-Studio Element Kit version. If version is 1.3.8.1 or earlier, you are vulnerable.
Check Version:
wp plugin get lastudio-element-kit --field=version (if WP-CLI installed) or check WordPress admin panel
Verify Fix Applied:
After updating, verify the plugin version shows 1.3.8.2 or higher in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs, especially attempts to access /wp-content/plugins/lastudio-element-kit/ with file inclusion parameters
Network Indicators:
- HTTP requests containing 'progress_type' parameter with file paths
SIEM Query:
web_access_logs WHERE url CONTAINS 'progress_type' AND (url CONTAINS '../' OR url CONTAINS '/etc/' OR url CONTAINS 'wp-config')
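As an added illustration of the log indicators and SIEM query above (example code, not part of the advisory), this Python script scans constructed web-server access-log lines for the listed patterns; it percent-decodes each URL before matching so that encoded traversal sequences are not missed. The combined log format, the indicator names and the sample addresses are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Indicators taken from the advisory's detection section.
PLUGIN_PATH = "/wp-content/plugins/lastudio-element-kit/"
SENSITIVE_MARKERS = ("../", "/etc/", "wp-config")

# Assumed combined log format: client, identity, user, [timestamp], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_reasons(url: str) -> list[str]:
    """Return the indicator names a request URL matches. The URL is decoded twice
    so that single- and double-percent-encoded traversal is compared as plain text."""
    decoded = unquote(unquote(url))
    parts = urlsplit(decoded)
    query = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    # Network indicator: 'progress_type' carrying a path-looking value.
    if any("/" in v or "\\" in v or v.endswith(".php") for v in query.get("progress_type", [])):
        reasons.append("progress_type_path")
    # SIEM query: 'progress_type' together with traversal or sensitive file names.
    if "progress_type" in decoded and any(m in decoded for m in SENSITIVE_MARKERS):
        reasons.append("progress_type_sensitive")
    # Log indicator: plugin path combined with inclusion-style parameter values.
    if parts.path.startswith(PLUGIN_PATH) and any(m in decoded for m in SENSITIVE_MARKERS):
        reasons.append("plugin_path_traversal")
    return reasons

def scan_log(lines):
    """Return (client_ip, url, reasons) for every parseable line matching an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := suspicious_reasons(m["url"])):
            hits.append((m["ip"], m["url"], reasons))
    return hits

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /?p=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /?progress_type=../../wp-config.php HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Jun/2024:12:00:03 +0000] "GET /?progress_type=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 640',
    '198.51.100.9 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-content/plugins/lastudio-element-kit/assets/js/main.js HTTP/1.1" 200 33000',
    '203.0.113.7 - - [10/Jun/2024:12:00:05 +0000] "GET /?progress_type=circle HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, url, reasons in scan_log(SAMPLE_LOG):
        print(ip, url, ",".join(reasons))
```

Legitimate widget requests (a plain `progress_type=circle`, or the plugin's own static assets) produce no hit, so the output is only the lines worth an analyst's attention.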
🔗 References
- https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve