CVE-2024-4378
📋 TL;DR
This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages using the Premium Addons for Elementor plugin. The scripts execute when users visit the compromised pages, enabling session hijacking, credential theft, or content manipulation. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Premium Addons for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, deface pages, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers inject malicious scripts to steal user session cookies, redirect visitors to phishing pages, or display unwanted advertisements.
If Mitigated
With proper user role management and content review processes, impact is limited to potential defacement of non-critical pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor privileges. Multiple public references demonstrate the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.10.31 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3090037
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Premium Addons for Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.10.31+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Temporary plugin deactivation
Disable the vulnerable plugin until patched:
wp plugin deactivate premium-addons-for-elementor
Restrict user roles
Temporarily remove contributor-level access for untrusted users.
🧯 If You Can't Patch
- Implement strict content review process for all contributor submissions
- Install a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins → Installed Plugins. If the version is 4.10.30 or lower, the site is vulnerable.
Check Version:
wp plugin get premium-addons-for-elementor --field=version
Verify Fix Applied:
After updating, verify that the plugin version shows 4.10.31 or higher in WordPress admin.
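The version threshold above, applied programmatically so it can be run across many sites. This is an added example, not code from the advisory or the plugin vendor: the `wp plugin get premium-addons-for-elementor --field=version` command is the one the page gives, while the function names and the decision to treat a pre-release suffix (e.g. "4.10.31-beta") as the numeric version it is attached to are assumptions of this example.

```python
"""Decide whether an installed Premium Addons for Elementor version falls
in the range affected by CVE-2024-4378 (fixed in 4.10.31).

Added example; not part of the advisory or the plugin."""
import re
import subprocess

FIXED_VERSION = "4.10.31"          # first non-vulnerable release per the advisory
PLUGIN_SLUG = "premium-addons-for-elementor"


def parse_version(text):
    """'4.10.30' -> (4, 10, 30). A trailing tag such as '-beta1' is ignored
    (assumption: pre-releases of a fixed version carry the fix)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version):
    """True when `version` sorts below 4.10.31, i.e. 4.10.30 or lower."""
    have = parse_version(version)
    fixed = parse_version(FIXED_VERSION)
    # Pad so that '4.10' compares like '4.10.0' rather than as a shorter tuple.
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed


def installed_version():
    """Ask WP-CLI for the installed version (the page's own check command).
    Run from the WordPress root; raises if WP-CLI or the plugin is absent."""
    out = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    ver = installed_version()
    state = "VULNERABLE, update to 4.10.31+" if is_vulnerable(ver) else "fixed"
    print(f"{PLUGIN_SLUG} {ver}: {state}")
```

Run it from the site's document root where WP-CLI works; `is_vulnerable()` can also be fed a version string pulled from any inventory tool.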
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to menu or shape widget endpoints
- Multiple failed login attempts followed by successful contributor login
- Suspicious script tags in page content
Network Indicators:
- Outbound connections to unknown domains from your WordPress site
- Unexpected script loads in page responses
SIEM Query:
source="wordpress" AND uri_path="/wp-admin/admin-ajax.php" AND (parameters CONTAINS "pa_nav_menu" OR parameters CONTAINS "premium_shape")
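The log indicators and SIEM query above, turned into a standalone scanner that can be run over an access log when no SIEM is available. This is an added example, not code from the advisory, Wordfence or the plugin: the log lines are constructed (documentation IP ranges, invented timestamps), and recording request parameters in the query string of a combined-format log is an assumption made so the sample is self-contained; form-encoded POST bodies are normally not written to access logs, so in production the same logic would read a WAF or application log that records parameters.

```python
"""Flag admin-ajax.php POSTs carrying the CVE-2024-4378 indicator strings and
note whether the decoded parameters contain a <script> tag.

Added example; log lines below are constructed, not real traffic."""
import re
from urllib.parse import unquote_plus, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
INDICATOR_PARAMS = ("pa_nav_menu", "premium_shape")   # from the advisory's SIEM query

# Combined Log Format: ip ident user [ts] "METHOD target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)

# Constructed sample: one nav-menu hit with a script tag, one benign image
# fetch, one shape-divider hit, one ordinary heartbeat POST to admin-ajax.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=pa_nav_menu&title=%3Cscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2024:12:00:05 +0000] "GET /wp-content/uploads/2024/05/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=premium_shape&svg=abc HTTP/1.1" 200 128 "-" "Mozilla/5.0"
192.0.2.4 - - [10/May/2024:12:00:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict with ip/ts/method/path/query, or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = unquote_plus(parts.query)   # decode so %3Cscript%3E is visible
    return rec


def classify(rec):
    """Name of the matched indicator, or None. Mirrors the SIEM query:
    admin-ajax.php AND (pa_nav_menu OR premium_shape), restricted to POST."""
    if rec["method"] != "POST" or rec["path"] != AJAX_PATH:
        return None
    for marker in INDICATOR_PARAMS:
        if marker in rec["query"]:
            return marker
    return None


def scan(log_text):
    """Scan a whole log and return one hit per matching request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        marker = classify(rec)
        if marker is None:
            continue
        hits.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "marker": marker,
            "script_tag": bool(SCRIPT_RE.search(rec["query"])),
        })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['marker']} script_tag={hit['script_tag']}")
```

The heartbeat POST is deliberately left unflagged: matching on the endpoint alone would page on every logged-in editor, so the indicator strings carry the signal and the script-tag flag is what separates a review item from an incident.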
🔗 References
- https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/pa-nav-menu-walker.php#L394
- https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-shape-divider/module.php#L1047
- https://plugins.trac.wordpress.org/changeset/3090037
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f891a6c8-3d06-432e-8651-bb689015af1c?source=cve