CVE-2024-38687

6.5 MEDIUM

📋 TL;DR

This stored XSS vulnerability in Sky Addons for Elementor allows attackers to inject malicious scripts into web pages, which then execute in the browser of every user who views those pages. It affects WordPress sites running this plugin in any version up to and including 2.5.5. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • Sky Addons for Elementor WordPress plugin
Versions: All versions up to and including 2.5.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with Elementor page builder and the vulnerable plugin installed. The vulnerability is in the plugin's input handling during web page generation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take over the WordPress site, install backdoors, or redirect visitors to malicious sites.

🟠 Likely Case

Attackers inject malicious scripts that steal user session cookies or redirect users to phishing pages when they visit compromised pages.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be rendered harmless as text rather than executed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities are commonly exploited, and this stored XSS would persist across sessions. Exploitation likely requires some level of access to inject the payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.6 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/sky-elementor-addons/wordpress-sky-addons-for-elementor-plugin-2-5-4-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Sky Addons for Elementor'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 2.5.6+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily disable Sky Addons for Elementor until patched

wp plugin deactivate sky-elementor-addons

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Add to .htaccess (Apache with mod_headers enabled; nginx uses add_header instead): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or use a WordPress CSP plugin. Note that script-src 'self' also blocks the inline scripts that WordPress core, Elementor and many themes rely on, so deploy the policy as Content-Security-Policy-Report-Only first and review the violation reports before enforcing it.

🧯 If You Can't Patch

  • Remove the Sky Addons for Elementor plugin completely and use alternative Elementor addons
  • Implement web application firewall (WAF) rules to block XSS payloads in plugin parameters

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Sky Addons for Elementor. If version is 2.5.5 or lower, you are vulnerable.

Check Version:

wp plugin get sky-elementor-addons --field=version

Verify Fix Applied:

After updating, verify the plugin version shows 2.5.6 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to plugin endpoints with script tags or JavaScript in parameters
  • Multiple failed login attempts followed by plugin modification requests

Network Indicators:

  • Outbound connections to suspicious domains from your WordPress site
  • Unexpected redirects from your site pages

SIEM Query:

source="wordpress" AND (uri="*sky-elementor-addons*" AND (param="*<script>*" OR param="*javascript:*"))
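As an added example (not part of this advisory and not the plugin's code), the Python script below applies the SIEM query's logic to a few constructed access-log lines: it scopes to requests whose URI contains the plugin slug and flags query parameters that contain a script tag or a javascript: URL after percent-decoding, which a literal `*<script>*` wildcard match on the raw log line would miss because payloads arrive URL-encoded, sometimes twice. The parameter names in the sample lines are placeholders, not the plugin's real parameters.

```python
from __future__ import annotations
import re
from urllib.parse import unquote, urlsplit, parse_qsl

PLUGIN_SLUG = "sky-elementor-addons"  # slug used in the advisory's SIEM query

# The two markers the SIEM query looks for, matched case-insensitively after decoding
XSS_MARKERS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Common/combined log format: ip ident user [time] "METHOD URI PROTO" ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*"'
)

# Constructed sample lines (not from any real site); parameter names are placeholders
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?plugin=sky-elementor-addons&title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.5 - - [10/Jul/2024:12:00:02 +0000] "GET /wp-content/plugins/sky-elementor-addons/assets/js/main.js HTTP/1.1" 200 10240
198.51.100.7 - - [10/Jul/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?plugin=sky-elementor-addons&link=JavaScript%253Aalert(document.cookie) HTTP/1.1" 200 0
192.0.2.9 - - [10/Jul/2024:12:00:04 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 2048
"""

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so a double-encoded '<' (%253C) is still caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(uri: str) -> list[tuple[str, str]]:
    """Return (name, decoded value) for every query parameter carrying a script marker."""
    hits = []
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded one layer
        if XSS_MARKERS.search(decoded):
            hits.append((name, decoded))
    return hits

def scan_access_log(text: str) -> list[dict]:
    """Flag plugin-scoped requests whose query string carries an XSS marker."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m or PLUGIN_SLUG not in m["uri"]:
            continue  # not a request touching the plugin; mirrors uri="*sky-elementor-addons*"
        for name, value in suspicious_params(m["uri"]):
            findings.append({"ip": m["ip"], "method": m["method"], "param": name, "value": value})
    return findings

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']} param={f['param']} value={f['value']!r}")
```

Standard web-server access logs do not record POST bodies, so this only catches payloads in the query string; body parameters need a WAF or application-level log to apply the same check.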
