CVE-2024-4570
📋 TL;DR
The Elementor Addon Elements WordPress plugin has a stored cross-site scripting (XSS) vulnerability in versions up to 1.13.5. Authenticated attackers with contributor-level permissions or higher can inject malicious scripts via the 'url' parameter, which execute when users view compromised pages. This affects WordPress sites using the vulnerable plugin.
💻 Affected Systems
- Elementor Addon Elements for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers inject malicious scripts to steal user credentials or session tokens, potentially gaining administrative access to the WordPress site.
If Mitigated
With proper user role management and input validation, impact is limited to low-privileged user account compromise.
🎯 Exploit Status
Exploitation requires contributor-level WordPress access. Public proof-of-concept exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.13.6 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3107074/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Addon Elements for Elementor Page Builder'.
4. Click 'Update Now' if available, or manually update to version 1.13.6+.
5. Verify that the update completes successfully.
🔧 Temporary Workarounds
Remove Contributor Role Access
Temporarily restrict contributor-level users from creating or editing content until the patch is applied.
Disable Vulnerable Plugin
Deactivate the Addon Elements plugin until the patched version is installed.
🧯 If You Can't Patch
- Implement strict user role management: limit contributor accounts to trusted users only
- Add web application firewall (WAF) rules to block XSS payloads targeting the 'url' parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Addon Elements for Elementor Page Builder' version 1.13.5 or lower.
Check Version:
wp plugin list --name='addon-elements-for-elementor-page-builder' --field=version
Verify Fix Applied:
Confirm plugin version is 1.13.6 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php with 'url' parameter containing script tags
- Multiple failed login attempts followed by successful contributor-level login
Network Indicators:
- HTTP requests containing JavaScript in URL parameters
- Unexpected outbound connections from WordPress server
SIEM Query:
source="wordpress.log" AND ("admin-ajax.php" AND "url=" AND ("<script>" OR "javascript:"))
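As an added example (not part of this advisory or the plugin's own code), the following Python script applies the SIEM query's logic to constructed log lines, with one caveat the literal query misses: the 'url' value may arrive percent-encoded or double-encoded, so it is decoded and normalized before matching. The log format (method, path, raw request parameters as a WAF or application-level logger might record them) and the sample entries are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample log (assumed format: METHOD PATH RAW_PARAMETERS).
# Line 1 and 4 are benign; 2, 3 and 5 carry the indicators from the advisory,
# line 5 being double-encoded so a literal "<script>" search would miss it.
SAMPLE_LOG = """\
POST /wp-admin/admin-ajax.php action=sample_action&url=https%3A%2F%2Fexample.org%2Fpage
POST /wp-admin/admin-ajax.php action=sample_action&url=javascript%3Avoid%280%29
POST /wp-admin/admin-ajax.php action=sample_action&url=%3Cscript%3Ex%3C%2Fscript%3E
GET  /wp-admin/admin-ajax.php action=heartbeat
POST /wp-admin/admin-ajax.php action=sample_action&url=%253Cscript%253E
"""

# Indicators named in the advisory's SIEM query.
SUSPICIOUS = ("<script", "javascript:")


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (to unwrap double encoding), then strip
    whitespace/control characters and lower-case for case-insensitive matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\s\x00-\x1f]", "", value).lower()


def is_suspicious(line: str) -> bool:
    """True for a POST to admin-ajax.php whose 'url' parameter carries an indicator."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return False
    method, path, params = parts
    if method != "POST" or not path.endswith("/admin-ajax.php"):
        return False
    # parse_qs decodes one layer; normalize() handles any further layers.
    for url_value in parse_qs(params).get("url", []):
        if any(token in normalize(url_value) for token in SUSPICIOUS):
            return True
    return False


def scan(log_text: str) -> list[str]:
    """Return the log lines that should be raised as alerts."""
    return [line for line in log_text.splitlines() if is_suspicious(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```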
🔗 References
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13.4/classes/helper.php#L232
- https://plugins.trac.wordpress.org/changeset/3107074/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5f43c0-83d3-4d09-becd-a3552bebd609?source=cve