CVE-2024-4643
📋 TL;DR
This stored XSS vulnerability in Element Pack Elementor Addons allows authenticated attackers with contributor-level permissions or higher to inject malicious scripts into WordPress pages. The scripts execute whenever users view the compromised pages, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
📦 What is this software?
Element Pack by Bdthemes
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, install backdoors, redirect users to phishing sites, or perform actions on behalf of authenticated users.
Likely Case
Session hijacking, cookie theft, defacement of website content, or redirection to malicious advertisements.
If Mitigated
Limited impact if proper input validation and output escaping are implemented, with only minor content manipulation possible.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.7.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3109998/bdthemes-element-pack-lite/trunk/modules/countdown/widgets/countdown.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Element Pack Elementor Addons'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until the patched version is available:

```shell
wp plugin deactivate bdthemes-element-pack-lite
```
Input Validation Filter
Add a custom filter to sanitize the 'end_redirect_link' parameter. Add to the theme's functions.php:

```php
<?php
// Hook WordPress core's pre_update_option_{$option} filter for the
// 'element_pack_settings' option. Note that this filter only runs when that
// option is written via update_option(); values stored elsewhere are not covered.
add_filter( 'pre_update_option_element_pack_settings', 'sanitize_end_redirect_link' );

function sanitize_end_redirect_link( $value ) {
    if ( is_array( $value ) && isset( $value['end_redirect_link'] ) ) {
        // esc_url() drops disallowed schemes such as javascript: and
        // encodes characters that would otherwise break out of an attribute.
        $value['end_redirect_link'] = esc_url( $value['end_redirect_link'] );
    }
    return $value;
}
```
🧯 If You Can't Patch
- Restrict contributor-level permissions to trusted users only
- Implement web application firewall (WAF) rules to block XSS payloads in 'end_redirect_link' parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Element Pack Elementor Addons version number
Check Version:

```shell
wp plugin get bdthemes-element-pack-lite --field=version
```
Verify Fix Applied:
Verify that the plugin version is 5.7.2 or higher and test that script tags in the 'end_redirect_link' parameter are properly escaped.
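The version comparison above is easy to get wrong when scripted, because a plain string comparison puts "5.7.10" before "5.7.2". The following is an added example (not part of the advisory or the plugin) that reads the installed version with the WP-CLI command shown above and compares it numerically against the fixed release; the `installed_version()` helper assumes `wp` is on PATH and takes the site path as a hypothetical parameter.

```python
"""Check whether an installed Element Pack version is at or above the fixed release.

Added example, not part of the original advisory. It reads the version with
`wp plugin get bdthemes-element-pack-lite --field=version` and compares it as a
tuple of integers, so that 5.7.10 is correctly treated as newer than 5.7.2.
"""
import re
import subprocess

FIXED_VERSION = "5.7.2"  # first patched release named in the advisory


def parse_version(version: str) -> tuple:
    """Turn '5.7.2' (or '5.7.2-beta1') into a comparable tuple of ints."""
    m = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the first fixed one."""
    return parse_version(installed) < parse_version(fixed)


def installed_version(site_path: str = ".") -> str:
    """Ask WP-CLI for the installed plugin version (assumes `wp` is on PATH).

    site_path is a hypothetical parameter passed through as WP-CLI's --path.
    """
    out = subprocess.run(
        ["wp", "plugin", "get", "bdthemes-element-pack-lite",
         "--field=version", f"--path={site_path}"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    current = installed_version()
    state = "VULNERABLE" if is_vulnerable(current) else "patched"
    print(f"Element Pack {current}: {state} (fixed in {FIXED_VERSION})")
```

Run it from the WordPress root (or pass the site path) on a host where WP-CLI is installed; the check only tells you the version is at or above 5.7.2, so still confirm the escaping behaviour described above on a test page.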
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to countdown.php with script tags in parameters
- Multiple failed login attempts followed by successful contributor-level login
Network Indicators:
- Outbound connections to suspicious domains from your WordPress site
- Unexpected JavaScript execution in countdown widgets
SIEM Query:

```
source="wordpress.log" AND ("countdown.php" OR "end_redirect_link") AND ("<script>" OR "javascript:")
```
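The SIEM query above is a literal substring match, which misses requests whose payload arrives percent-encoded or in mixed case. The following added example (not part of the advisory) applies the same logic, a context term (countdown.php or end_redirect_link) combined with a payload term (<script> or javascript:), to constructed access-log lines, decoding the request target first and matching case-insensitively. The log lines, IP addresses and plugin path are constructed for the example; the path follows the file named in the vendor changeset link above.

```python
"""Scan web-server access log lines for the indicators listed in the advisory.

Added example, not part of the original advisory. Implements the SIEM query's
logic (context term AND payload term) over constructed sample lines, with
percent-decoding and case-insensitive matching that a raw substring search lacks.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format; none are real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=elementor_ajax HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2024:10:02:11 +0000] "POST /wp-content/plugins/bdthemes-element-pack-lite/modules/countdown/widgets/countdown.php?end_redirect_link=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 88 "-" "curl/8.0"
10.0.0.9 - - [12/May/2024:10:03:30 +0000] "GET /?end_redirect_link=JAVASCRIPT:alert(document.cookie) HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2024:10:04:00 +0000] "GET /wp-content/plugins/bdthemes-element-pack-lite/assets/js/countdown.js HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

CONTEXT_TERMS = ("countdown.php", "end_redirect_link")
PAYLOAD_TERMS = ("<script>", "javascript:")
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_suspicious(line: str) -> bool:
    """Mirror the SIEM query: a context term AND a payload term, after decoding."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    # Decode once and lower-case; a double-encoded payload would need a second
    # unquote_plus() pass, which is a choice to make per environment.
    target = unquote_plus(m.group("target")).lower()
    return (any(t in target for t in CONTEXT_TERMS)
            and any(t in target for t in PAYLOAD_TERMS))


def find_suspicious(log_text: str) -> list:
    """Return (line_number, line) pairs that match the indicators."""
    return [(n, line) for n, line in enumerate(log_text.splitlines(), 1)
            if is_suspicious(line)]


if __name__ == "__main__":
    for n, line in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

Two of the four constructed lines match (the encoded countdown.php request and the upper-case javascript: one); the plain substring query would have matched neither. Standard access logs record only the request line, not POST bodies, so the body-level indicator listed above (script tags in POST parameters) needs WAF or application-level logging to be observable at all.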