CVE-2024-4788
📋 TL;DR
The Boostify Header Footer Builder for Elementor WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to create pages or posts with arbitrary content. This affects all versions up to and including 1.3.3. Attackers can inject malicious content or deface websites.
💻 Affected Systems
- Boostify Header Footer Builder for Elementor
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers create malicious pages that distribute malware, steal credentials via phishing, or deface the entire website, damaging reputation and causing business disruption.
Likely Case
Attackers create spam pages, inject SEO spam, or deface specific sections of the website to promote malicious content or disrupt operations.
If Mitigated
With proper access controls and monitoring, impact is limited to content creation that can be quickly detected and reverted without system compromise.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via crafted HTTP requests to the vulnerable function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.4 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/boostify-header-footer-builder/trunk/inc/admin/class-admin.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Boostify Header Footer Builder for Elementor'.
4. Click 'Update Now' if available, or manually update to version 1.3.4+.
5. Verify the plugin is active and functioning.
🔧 Temporary Workarounds
Restrict User Roles
Temporarily limit the capabilities of low-privilege roles by modifying user roles so that subscribers cannot reach content creation functions.
Use WordPress role management plugins or custom code to remove 'edit_posts' capability from subscriber role.
Disable Plugin
Deactivate the vulnerable plugin until patched, though this may break header/footer functionality.
wp plugin deactivate boostify-header-footer-builder
🧯 If You Can't Patch
- Remove or restrict subscriber-level user accounts to minimize attack surface.
- Implement web application firewall (WAF) rules to block requests to the vulnerable create_bhf_post function.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel under Plugins > Installed Plugins for Boostify Header Footer Builder version 1.3.3 or lower.
Check Version:
wp plugin get boostify-header-footer-builder --field=version
Verify Fix Applied:
Confirm the plugin version is 1.3.4 or higher in the WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=create_bhf_post from low-privilege users.
- Sudden increase in page/post creation events in WordPress logs.
Network Indicators:
- HTTP requests containing 'create_bhf_post' parameter from unauthorized IPs or user roles.
SIEM Query:
source="wordpress.log" AND "create_bhf_post" AND (user_role="subscriber" OR user_role="contributor")
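The log indicators above, turned into a small detection routine as an added example (not part of the original advisory): it parses combined-format access log lines, flags POST requests to admin-ajax.php whose action parameter is create_bhf_post, and reports source IPs that exceed a creation-rate threshold. It assumes the action parameter is visible in the logged request target (constructed sample lines place it in the query string); in deployments where it only appears in the POST body, the same logic applies to a WAF or WordPress-side log that records it.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=create_bhf_post HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [10/May/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=create_bhf_post HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/May/2024:12:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
10.0.0.5 - - [10/May/2024:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=create_bhf_post HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [10/May/2024:12:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=create_bhf_post HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code from a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SUSPECT_ACTION = "create_bhf_post"  # AJAX action named in the advisory


def parse_line(line):
    """Return a dict with ip/ts/method/path/action/status, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["action"] = parse_qs(parts.query).get("action", [None])[0]
    return rec


def find_bhf_requests(log_text):
    """All POSTs to admin-ajax.php carrying action=create_bhf_post."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["method"] == "POST"
                and rec["path"].endswith("/wp-admin/admin-ajax.php")
                and rec["action"] == SUSPECT_ACTION):
            hits.append(rec)
    return hits


def ips_over_threshold(hits, threshold=3):
    """Source IPs issuing at least `threshold` matching requests (burst of page creation)."""
    counts = Counter(h["ip"] for h in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    matches = find_bhf_requests(SAMPLE_LOG)
    print(f"{len(matches)} create_bhf_post requests; bursty IPs: {ips_over_threshold(matches)}")
```

Any hit from an account that is not expected to publish content is worth a look regardless of volume; the threshold only highlights the bulk-creation pattern the advisory describes.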
🔗 References
- https://plugins.trac.wordpress.org/browser/boostify-header-footer-builder/trunk/inc/admin/class-admin.php#L280
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1090acfc-5b0c-478a-ac71-db54fdaefdf5?source=cve