CVE-2024-4265
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious scripts into web pages via the 'url' parameter in the Master Addons plugin. The injected scripts execute whenever users visit the compromised pages, enabling persistent cross-site scripting attacks. All WordPress sites using Master Addons plugin versions up to 2.0.5.9 are affected.
💻 Affected Systems
- Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
📦 What is this software?
Master Addons by Master Addons
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, redirect users to malicious sites, or deface the website completely.
Likely Case
Attackers with contributor access inject malicious scripts to steal user cookies, session tokens, or perform phishing attacks against site visitors.
If Mitigated
With proper input validation and output escaping, the vulnerability would be prevented, and only users with appropriate permissions could modify content.
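As an added illustration of the "input validation and output escaping" point above, the snippet below is not the Master Addons plugin's code and does not reproduce the vendor's patch; it shows the general pattern behind this class of bug in a hypothetical Elementor-style widget whose setting is also named 'url'. It assumes it runs inside a loaded WordPress install, so that the core functions esc_url_raw(), sanitize_text_field(), esc_url() and esc_html() exist; the function names ma_example_* and the sample values are constructed for the example.

```php
<?php
/*
 * Illustrative example only (not the plugin's own code).
 * Assumes WordPress core is loaded (esc_url, esc_url_raw, esc_html,
 * sanitize_text_field are core functions).
 */

/*
 * Vulnerable pattern: a contributor-controlled widget setting is written
 * straight into an HTML attribute. Contributors can save widget settings but
 * lack the unfiltered_html capability, so nothing else stops a value that
 * closes the attribute and adds an event handler, or a javascript: URL.
 */
function ma_example_render_vulnerable( array $settings ) {
	$url   = isset( $settings['url'] ) ? $settings['url'] : '';
	$title = isset( $settings['title'] ) ? $settings['title'] : '';
	return '<a class="ma-slide" href="' . $url . '">' . $title . '</a>';
}

/*
 * Hardened pattern, step 1: sanitize when the setting is stored.
 * esc_url_raw() keeps only allowed protocols and URL characters and is the
 * variant meant for database storage; sanitize_text_field() strips tags and
 * control characters from plain-text settings.
 */
function ma_example_sanitize_settings( array $settings ) {
	return array(
		'url'   => isset( $settings['url'] ) ? esc_url_raw( $settings['url'] ) : '',
		'title' => isset( $settings['title'] ) ? sanitize_text_field( $settings['title'] ) : '',
	);
}

/*
 * Hardened pattern, step 2: escape at the point of output regardless of what
 * was stored. esc_url() removes characters that cannot appear in a URL
 * (including quotes, spaces and angle brackets) and rejects disallowed
 * protocols; esc_html() encodes markup in text nodes. Escaping on output is
 * the control that prevents stored XSS even if a stale or unsanitized value
 * already sits in the database.
 */
function ma_example_render_hardened( array $settings ) {
	$url   = isset( $settings['url'] ) ? $settings['url'] : '';
	$title = isset( $settings['title'] ) ? $settings['title'] : '';
	return '<a class="ma-slide" href="' . esc_url( $url ) . '">' . esc_html( $title ) . '</a>';
}

/*
 * Constructed sample input a contributor might save. With the vulnerable
 * renderer the quote closes href and the event handler is emitted verbatim;
 * with the hardened path the quote, space and '=' never reach the attribute.
 */
$sample = array(
	'url'   => 'https://example.invalid/" onmouseover="alert(1)',
	'title' => '<img src=x onerror=alert(1)>',
);

echo ma_example_render_vulnerable( $sample ) . PHP_EOL;
echo ma_example_render_hardened( ma_example_sanitize_settings( $sample ) ) . PHP_EOL;
```

When reviewing a widget for this pattern, the question to ask at each echo is which escaping function sits between the stored setting and the HTML: esc_url() for href/src attributes, esc_attr() for other attributes, esc_html() for text. A setting that is only sanitized on save but echoed raw is still a finding, because the database may already hold values written before the sanitizer existed.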
🎯 Exploit Status
Exploitation requires authenticated access with contributor permissions or higher. The vulnerability is well-documented in public references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.6.0 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3078134/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Master Addons' and click 'Update Now'.
4. Verify the plugin version is 2.0.6.0 or higher.
🔧 Temporary Workarounds
Restrict User Permissions
Temporarily restrict contributor-level permissions or review user accounts with contributor access.
Disable Vulnerable Components
Disable the MA Image Carousel and MA Logo Slider addons until patched.
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with XSS protection rules
- Monitor for suspicious activity from contributor-level accounts and review all content changes
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Installed Plugins → Master Addons version. If the version is 2.0.5.9 or lower, the site is vulnerable.
Check Version:
wp plugin list --name='master-addons' --field=version
Verify Fix Applied:
After updating, verify that the plugin version shows 2.0.6.0 or higher in the WordPress admin panel (or in the output of the wp plugin list command above).
📡 Detection & Monitoring
Log Indicators:
- Unusual content modifications by contributor-level users
- Suspicious URL parameters in POST requests to plugin endpoints
Network Indicators:
- Script tags with unusual attributes in HTTP responses
- Requests to external domains from injected scripts
SIEM Query:
source="wordpress.log" AND ("ma-image-carousel" OR "ma-logo-slider") AND ("url=" OR "script")
🔗 References
- https://plugins.trac.wordpress.org/browser/master-addons/trunk/addons/ma-image-carousel/ma-image-carousel.php#L915
- https://plugins.trac.wordpress.org/browser/master-addons/trunk/addons/ma-logo-slider/ma-logo-slider.php#L825
- https://plugins.trac.wordpress.org/changeset/3078134/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a9a48769-94d9-459f-b34b-fdfe4c10b36c?source=cve