CVE-2024-4858
📋 TL;DR
The Testimonial Carousel For Elementor WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to modify plugin settings. Specifically, attackers can update the OpenAI API key, which disables the AI-generated testimonial feature. This affects all WordPress sites using plugin versions up to 10.2.0.
💻 Affected Systems
- Testimonial Carousel For Elementor WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers disable AI testimonial generation functionality, potentially disrupting website content automation and requiring manual intervention to restore functionality.
Likely Case
Attackers disable the OpenAI API integration, breaking the AI-generated testimonial feature until administrators notice and reconfigure the plugin.
If Mitigated
With proper access controls and monitoring, the impact is limited to temporary service disruption that can be quickly detected and restored.
🎯 Exploit Status
The vulnerability is simple to exploit as it requires no authentication and involves sending a crafted request to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.2.1
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3092154/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Testimonial Carousel For Elementor'.
4. Click 'Update Now' if available, or download version 10.2.1+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the vulnerable plugin until patched
wp plugin deactivate testimonials-carousel-elementor
Web Application Firewall Rule
Block requests to the vulnerable endpoint
Add a WAF rule that blocks POST requests to admin-ajax.php whose action parameter is 'save_testimonials_option_callback'
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access the WordPress admin interface
- Enable detailed logging and monitoring for unauthorized configuration changes to the plugin
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Testimonial Carousel For Elementor > Version. If version is 10.2.0 or lower, you are vulnerable.
Check Version:
wp plugin get testimonials-carousel-elementor --field=version
Verify Fix Applied:
After updating, verify plugin version shows 10.2.1 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action 'save_testimonials_option_callback' from unauthenticated users
- Unauthorized plugin configuration changes in WordPress logs
Network Indicators:
- Unusual POST requests to WordPress admin-ajax.php endpoint with specific parameter patterns
SIEM Query:
source="wordpress.log" AND "save_testimonials_option_callback" AND NOT user="authenticated"
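The log indicators above and the WAF workaround both reduce to the same predicate: a POST to admin-ajax.php carrying the action 'save_testimonials_option_callback' from a client that has no WordPress login session. The following is an added example, not part of this advisory or the plugin's code, that applies that predicate to constructed log lines. It assumes a web-server log format (one the verifier cannot know matches yours) extended with the request body and the request's Cookie header, and treats the presence of a `wordpress_logged_in_` cookie as the "authenticated" signal; the parameter names in the sample bodies are invented for illustration.

```python
"""Flag unauthenticated POSTs to admin-ajax.php that carry the vulnerable action."""
import re
from urllib.parse import parse_qs, urlparse

# Action name from the advisory's log indicators.
VULN_ACTION = "save_testimonials_option_callback"

# Assumed log format (not a WordPress or web-server default):
#   <ip> <method> "<path[?query]>" <status> body="<urlencoded body>" cookie="<Cookie header>"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) "(?P<url>[^"]*)" (?P<status>\d+) '
    r'body="(?P<body>[^"]*)" cookie="(?P<cookie>[^"]*)"$'
)

# Constructed sample lines: two unauthenticated hits (action in body, action in
# query string), one change made by a logged-in session, one unrelated action.
SAMPLE_LOG = """\
203.0.113.5 POST "/wp-admin/admin-ajax.php" 200 body="action=save_testimonials_option_callback&setting=x" cookie=""
198.51.100.7 POST "/wp-admin/admin-ajax.php?action=save_testimonials_option_callback" 200 body="setting=y" cookie=""
192.0.2.9 POST "/wp-admin/admin-ajax.php" 200 body="action=save_testimonials_option_callback&setting=z" cookie="wordpress_logged_in_abc=admin%7C1700000000%7Ctoken"
192.0.2.10 POST "/wp-admin/admin-ajax.php" 200 body="action=heartbeat" cookie=""
"""


def parse_line(line):
    """Parse one log line into a dict; the action may sit in the query or the body."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    url = urlparse(rec["url"])
    # WordPress reads `action` from either location, so merge both.
    params = parse_qs(url.query)
    params.update(parse_qs(rec["body"]))
    rec["path"] = url.path
    rec["action"] = params.get("action", [None])[0]
    # Presence of a login cookie is the (assumed) "authenticated" signal.
    rec["authenticated"] = "wordpress_logged_in_" in rec["cookie"]
    return rec


def is_suspicious(rec):
    """The advisory's indicator: unauthenticated POST with the vulnerable action."""
    return (
        rec["method"] == "POST"
        and rec["path"].endswith("/wp-admin/admin-ajax.php")
        and rec["action"] == VULN_ACTION
        and not rec["authenticated"]
    )


def find_suspicious(log_text):
    """Return the source IPs of log lines matching the indicator, in order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_suspicious(rec):
            hits.append(rec["ip"])
    return hits


if __name__ == "__main__":
    for ip in find_suspicious(SAMPLE_LOG):
        print(f"unauthenticated settings change attempt from {ip}")
```

A login cookie only shows that a session cookie was sent, not that it was valid, so the third sample line is not flagged here but is still a configuration change worth reviewing against the admin audit trail. Requests that the plugin rejects after patching (10.2.1 and later) still match this predicate, which makes it useful for spotting continued probing after the fix.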
🔗 References
- https://plugins.trac.wordpress.org/browser/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php#L126
- https://plugins.trac.wordpress.org/changeset/3092154/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1f589345-a081-4d27-ac4a-6edc44b96f91?source=cve