CVE-2024-4359
📋 TL;DR
The Element Pack Elementor Addons plugin for WordPress has a vulnerability in its SVG Image widget that allows authenticated attackers with contributor-level access or higher to read arbitrary files that the PHP process can open. This can expose sensitive information such as configuration files, database credentials, or other private data. All WordPress sites running this plugin at version 5.7.2 or earlier are affected.
💻 Affected Systems
- Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress
📦 What is this software?
Element Pack by Bdthemes
⚠️ Risk & Real-World Impact
Worst Case
Attackers read wp-config.php (database credentials and authentication salts) and any other file readable by the web server user, such as backups, deploy keys or other sites on a shared host, leading to complete site compromise and potential lateral movement to other systems.
Likely Case
Attackers read wp-config.php to obtain database credentials, then access or modify the database (for example creating an administrator account), taking over the site or stealing user data.
If Mitigated
The read runs with the privileges of the PHP process, so file permissions alone do not protect wp-config.php, which PHP must be able to open. Exposure is limited where contributor-level accounts are held only by trusted users, the SVG Image widget is disabled or the plugin is updated, and secrets that PHP does not need are kept outside the web root and unreadable by the web server user.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor credentials: a contributor can create Elementor drafts and previews, which is enough to trigger the widget's render path without publishing anything. Public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.7.3 and later
Fix Reference (plugin source on WordPress.org trac, trunk, svg-image.php line 847): https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L847
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Element Pack Elementor Addons'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 5.7.3 or later from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable SVG Widget
Temporarily disable the vulnerable SVG Image widget until patching is possible. The supported route is the plugin's own widget enable/disable toggles in its settings dashboard. The snippet below, as given on this page, assumes a filter named element_pack_widget_list; confirm that name against the installed plugin's source before relying on it, because an unknown filter name is silently ignored and leaves the widget active.
Add to the theme's functions.php: add_filter('element_pack_widget_list', function($widgets) { unset($widgets['svg-image']); return $widgets; });
Restrict Contributor Access
Temporarily remove contributor-level access for untrusted users, and audit existing contributor accounts (author, editor and administrator roles are affected too).
Use WordPress user management (Users > All Users, or wp user update <login> --role=subscriber) to downgrade or remove contributor roles.
🧯 If You Can't Patch
- Remove the Element Pack plugin entirely and use alternative Elementor addons.
- Keep secrets that PHP does not need (deploy keys, database dumps, backups) outside the web root and unreadable by the web server user. Tightening permissions on wp-config.php (chmod 600, owned by the web server user) is standard hardening against other local users, but it does not stop this vulnerability: the read runs as the PHP process, which must be able to open wp-config.php.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Element Pack Elementor Addons. If the version is 5.7.2 or lower, you are vulnerable.
Check Version:
WP-CLI filters on the plugin slug (the directory name, bdthemes-element-pack-lite for the WordPress.org release), not the display title:
wp plugin list --name=bdthemes-element-pack-lite --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 5.7.3 or higher in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- The vulnerable file is a widget class loaded by the plugin, not an endpoint. A direct request for /wp-content/plugins/bdthemes-element-pack-lite/modules/svg-image/widgets/svg-image.php does not trigger the read, although such requests indicate scanning. The read happens when Elementor renders a page, preview or editor request that contains the widget, so watch for contributor-level accounts creating or editing Elementor content (POST /wp-admin/admin-ajax.php with action=elementor_ajax, post previews) soon after login, and for new content from those accounts that contains an SVG Image widget.
- The saved Elementor document (the _elementor_data post meta) is a durable record: an SVG Image widget whose image points at a local path rather than an uploaded media file is evidence of exploitation even after logs have rotated.
Network Indicators:
- Path traversal sequences (../, or URL-encoded %2e%2e%2f) or strings such as wp-config.php in POST bodies sent to admin-ajax.php from the Elementor editor. Standard access logs record only the URI, so this needs request-body logging or a WAF.
SIEM Query (field names illustrative; adapt to your log schema):
source="web_access" AND uri="*admin-ajax.php*" AND body="*elementor*" AND (body="*../*" OR body="*%2e%2e*" OR body="*wp-config.php*")