CVE-2024-47392 – This stored cross-site scripting (XSS) vulnerab... (How to Fix)

Q: What is the severity of CVE-2024-47392?

CVE-2024-47392 has a CVSS score of 6.5 (MEDIUM). This stored cross-site scripting (XSS) vulnerability in the Element Pack Elementor Addons WordPress plugin allows attackers to inject malicious scripts into web pages. When users view pages containing the malicious content, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using vulnerable versions of this plugin are affected.

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in the Element Pack Elementor Addons WordPress plugin allows attackers to inject malicious scripts into web pages. When users view pages containing the malicious content, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

BdThemes Element Pack Elementor Addons WordPress plugin

Versions: All versions through 5.7.5

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects WordPress installations with the vulnerable plugin enabled. The vulnerability is in the plugin's input handling during web page generation.

📦 What is this software?

Element Pack by Bdthemes

View all CVEs affecting Element Pack →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over WordPress sites, deface websites, or redirect visitors to malicious sites, potentially compromising all site data and user information.

🟠

Likely Case

Attackers inject malicious JavaScript that steals user session cookies or credentials when users visit compromised pages, leading to account takeover and unauthorized access.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before reaching users' browsers, preventing execution.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Stored XSS vulnerabilities are commonly exploited. While no public PoC is mentioned, the vulnerability type is well-understood and easily weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 5.7.5

Vendor Advisory: https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-plugin-5-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Element Pack Elementor Addons'. 4. Click 'Update Now' if available. 5. If no update is available, deactivate and delete the plugin, then install the latest version from WordPress repository.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily deactivate the Element Pack Elementor Addons plugin until patched

wp plugin deactivate bdthemes-element-pack-lite

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to WordPress functions.php: header("Content-Security-Policy: default-src 'self'; script-src 'self'");

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block XSS payloads
Restrict plugin access to trusted users only and monitor for suspicious content changes

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 'Element Pack Elementor Addons' version 5.7.5 or earlier

Check Version:

wp plugin get bdthemes-element-pack-lite --field=version

Verify Fix Applied:

Verify plugin version is higher than 5.7.5 in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual plugin file modifications
Suspicious POST requests to plugin endpoints
Administrative actions from unexpected IPs

Network Indicators:

Malicious script injections in HTTP responses
Unexpected external script loads

SIEM Query:

source="wordpress.log" AND ("element-pack" OR "bdthemes") AND ("POST" OR "UPDATE") AND ("script" OR "javascript" OR "onload" OR "onerror")

📊 Metadata

CVE ID: CVE-2024-47392

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

Published: October 5, 2024

Last Updated: January 22, 2025

🔗 References

https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-plugin-5-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47392, you might also want to check these: