CVE-2024-4634
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious scripts into website pages using the Elementor Header & Footer Builder plugin. The scripts are stored and execute whenever users visit the compromised pages, enabling persistent cross-site scripting attacks. WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Elementor Header & Footer Builder for WordPress
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, redirect users to malicious sites, deface websites, or install backdoors for persistent access.
Likely Case
Malicious actors inject scripts to steal user session cookies, redirect visitors to phishing sites, or display unwanted advertisements.
If Mitigated
With proper user permission controls and content security policies, impact is limited to potential data leakage from users accessing compromised pages.
🎯 Exploit Status
Exploitation requires contributor-level access. Public proof-of-concept details the vulnerable function and injection method.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.29 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3086402/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Elementor Header & Footer Builder'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.6.29+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Restrict User Permissions
Temporarily limit contributor-level users from editing posts/pages until the patch is applied.
Implement Content Security Policy
Add CSP headers to restrict script execution from unauthorized sources.
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
🧯 If You Can't Patch
- Disable the Elementor Header & Footer Builder plugin completely
- Implement strict user access controls and audit all contributor-level accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Elementor Header & Footer Builder version number
Check Version:
wp plugin list --name=header-footer-elementor --field=version
Verify Fix Applied:
Confirm plugin version is 1.6.29 or higher in WordPress admin panel
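A small shell check, added here as an example rather than taken from the advisory or the plugin, that classifies the installed version against the patched release 1.6.29; it uses `sort -V` so that a version such as 1.6.9 is not mistaken for a newer release by string comparison, and assumes the plugin slug `header-footer-elementor` from the reference URLs.

```shell
#!/bin/sh
# Added example: compare the installed Elementor Header & Footer Builder
# version with the first patched release from the advisory.
PATCHED_VERSION="1.6.29"

# version_ge A B: succeed when dotted version A is >= dotted version B.
# sort -V orders versions numerically per component (1.6.9 < 1.6.29),
# so the last line of the sorted pair is the higher version.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# hfe_status VERSION: print "not-installed", "vulnerable" or "patched".
# An empty argument is what wp-cli returns when the plugin is absent.
hfe_status() {
    if [ -z "$1" ]; then
        echo not-installed
    elif version_ge "$1" "$PATCHED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# On a live site, run from the WordPress root as the web user
# (slug header-footer-elementor is assumed from the reference URLs):
#   hfe_status "$(wp plugin list --name=header-footer-elementor --field=version)"
```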
📡 Detection & Monitoring
Log Indicators:
- Unusual post/page edits by contributor-level users
- Multiple failed login attempts followed by successful contributor login
- Administrator accounts accessing suspicious posts
Network Indicators:
- External script loads from unexpected domains in page responses
- Unusual outbound connections after page visits
SIEM Query:
source="wordpress.log" AND (event="post_updated" OR event="page_updated") AND user_role="contributor" AND plugin_version<"1.6.29"
🔗 References
- https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.28/inc/widgets-manager/class-widgets-loader.php#L156
- https://plugins.trac.wordpress.org/changeset/3086402/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f44bb823-bbf3-413b-82b5-a351609270bf?source=cve