CVE-2024-4376 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2024-4376?

CVE-2024-4376 has a CVSS score of 6.4 (MEDIUM). This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages using the Premium Addons for Elementor plugin's Fancy Text widget. The scripts execute whenever users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using vulnerable plugin versions are affected.

📋 TL;DR

This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages using the Premium Addons for Elementor plugin's Fancy Text widget. The scripts execute whenever users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using vulnerable plugin versions are affected.

💻 Affected Systems

Products:

Premium Addons for Elementor WordPress plugin

Versions: All versions up to and including 4.10.31

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with Elementor and the Premium Addons plugin installed. Contributor-level access or higher is needed to exploit.

📦 What is this software?

Premium Addons For Elementor by Leap13

View all CVEs affecting Premium Addons For Elementor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, redirect users to malicious sites, install backdoors, or compromise the entire WordPress installation and potentially the server.

🟠

Likely Case

Attackers with contributor access inject malicious scripts to steal user session cookies, display fraudulent content, or redirect users to phishing pages.

🟢

If Mitigated

With proper user role management and input validation, impact is limited to defacement of specific pages rather than full site compromise.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has contributor privileges. The vulnerability is in a popular WordPress plugin making it an attractive target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.10.33

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3090037/premium-addons-for-elementor/trunk/widgets/premium-fancytext.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Premium Addons for Elementor'. 4. Click 'Update Now' if available, or download version 4.10.33+ from WordPress repository. 5. Activate the updated plugin.

🔧 Temporary Workarounds

Remove Contributor Access

all

Temporarily remove contributor-level access for untrusted users until patching is complete.

Use WordPress user management to modify roles

Disable Fancy Text Widget

all

Disable the vulnerable widget through Elementor settings or code.

Add define('PA_DISABLE_FANCYTEXT', true); to wp-config.php

🧯 If You Can't Patch

Implement strict user role management and audit contributor accounts
Deploy web application firewall (WAF) rules to block XSS payloads targeting the Fancy Text widget

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Premium Addons for Elementor' version. If version is 4.10.31 or lower, you are vulnerable.

Check Version:

wp plugin list --name='premium-addons-for-elementor' --field=version

Verify Fix Applied:

After updating, verify the plugin version shows 4.10.33 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /wp-admin/admin-ajax.php with Fancy Text widget parameters
Multiple failed login attempts followed by contributor account access

Network Indicators:

Script tags with unusual attributes in Fancy Text widget responses
External JavaScript loading from unexpected domains

SIEM Query:

source="wordpress.log" AND ("premium-fancytext" OR "typed.js") AND ("script" OR "onerror" OR "javascript:")

📊 Metadata

CVE ID: CVE-2024-4376

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: May 31, 2024

Last Updated: January 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4376, you might also want to check these: