CVE-2024-4862
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to store malicious markup through widget settings of the WPBITS Addons For Elementor plugin (the referenced fix touches the accordion, business hours, logo grid, price table and tabs widgets), because those settings were rendered without sufficient sanitization or output escaping. The payload is saved with the page and runs in the browser of everyone who views it, including logged-in Editors and Administrators, enabling actions in the victim's session, defacement, or malware distribution. All WordPress sites running an affected version of the plugin (1.5 or lower) are exposed.
💻 Affected Systems
- WPBITS Addons For Elementor Page Builder (WordPress plugin), all versions up to and including 1.5
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An Administrator views (or previews) a poisoned page; the injected script runs with the Administrator's session and performs administrative actions on the attacker's behalf, such as creating an admin user or installing a backdoor, giving the attacker full control of the site and a channel to serve malware to every visitor.
Likely Case
Site defacement, redirects to malicious sites, credential harvesting via injected forms, or unwanted actions performed in the session of whoever views the page. WordPress sets its authentication cookies HttpOnly by default, so plain cookie exfiltration via document.cookie is unlikely; the practical risk is script acting on the victim's behalf while the page is open.
If Mitigated
Exposure is limited to what authenticated Contributor-or-higher accounts can save; impact stays low where Contributor accounts are tightly controlled and their submissions are reviewed before publication. Note that a Contributor's draft is exactly what an Editor or Administrator opens in preview, so the review step itself can trigger the payload.
🎯 Exploit Status
Exploitation requires an authenticated account with at least Contributor privileges; once that is in hand it is straightforward, since the attacker only has to save a widget with a crafted setting value. Five separate widgets are affected, which broadens the attack surface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release later than 1.5 (all versions up to and including 1.5 are affected)
Vendor Page (no separate advisory was published; see the changeset references below): https://wordpress.org/plugins/wpbits-addons-for-elementor/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'WPBITS Addons For Elementor' and note its version
4. If an update later than 1.5 is offered, click 'Update Now'
5. If no update is offered, check the plugin's page on the WordPress plugin repository for a release later than 1.5 and install it manually
6. If no fixed release is available, deactivate and delete the plugin
🔧 Temporary Workarounds
Restrict User Roles
Temporarily limit Contributor-level access (or remove Elementor editing rights from Contributors) and require Editor review of every submission before it is published; keep in mind that previewing a submission also renders the widgets.
Content Security Policy
Implement CSP headers that disallow inline script. A policy without 'unsafe-inline' blocks an injected inline <script> and inline event handlers, but it also breaks WordPress core and Elementor front-end features that rely on inline scripts and on third-party hosts, so roll it out as Content-Security-Policy-Report-Only first and test on staging. Do not apply it to wp-admin.
Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to the theme's functions.php, hooked on send_headers so the header goes out before any output and only on front-end requests: add_action('send_headers', function () { header("Content-Security-Policy: default-src 'self'; script-src 'self'"); });
🧯 If You Can't Patch
- Deactivate and remove the WPBITS Addons For Elementor plugin immediately
- Implement strict user role management and review all content from contributors
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'WPBITS Addons For Elementor' at version 1.5 or lower. An inactive copy should still be updated or deleted, since its files remain on disk and it can be reactivated.
Check Version:
wp plugin list --name='wpbits-addons-for-elementor' --field=version
Verify Fix Applied:
Verify the plugin version is higher than 1.5 or the plugin no longer appears in the installed plugins list. Updating fixes the rendering path, but widget settings previously saved by Contributors remain in the database (the _elementor_data post meta), so also review their pages for injected markup.
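A scripted version of the check above, for fleets of sites, as an added example that is not part of the original advisory or the plugin. It wraps WP-CLI's `wp plugin list --format=json` (a real WP-CLI command and flag, with the `--path` global option) and compares versions numerically, so a hypothetical 1.10 is correctly treated as newer than 1.5 rather than sorting before it as a string. The sample WP-CLI output at the bottom is constructed, not captured from a real site.

```python
"""Classify a WordPress install as absent / vulnerable / patched for CVE-2024-4862.

Added example, not the advisory's or the plugin's own code. Affected range per
the advisory: all versions up to and including 1.5.
"""
import json
import re
import subprocess
from typing import Optional

PLUGIN_SLUG = "wpbits-addons-for-elementor"
LAST_VULNERABLE = "1.5"  # from the advisory: 1.5 and lower are affected


def version_tuple(version: str) -> tuple:
    """Turn '1.5', '1.5.1' or '1.10-beta' into a comparable tuple of ints.
    A '-suffix' is dropped; missing components count as 0, so 1.5 == 1.5.0."""
    parts = re.findall(r"\d+", version.split("-")[0])
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable(version: str) -> bool:
    """True when the version is at or below the last vulnerable release."""
    return version_tuple(version) <= version_tuple(LAST_VULNERABLE)


def find_plugin(plugin_list_json: str) -> Optional[dict]:
    """Locate the plugin entry in `wp plugin list --format=json` output."""
    for entry in json.loads(plugin_list_json):
        if entry.get("name") == PLUGIN_SLUG:
            return entry
    return None


def assess(plugin_list_json: str) -> str:
    """Return 'absent', 'vulnerable' or 'patched' for one site's plugin list."""
    entry = find_plugin(plugin_list_json)
    if entry is None:
        return "absent"
    # An inactive copy still ships the vulnerable files and can be reactivated,
    # so status is deliberately ignored here.
    return "vulnerable" if is_vulnerable(entry["version"]) else "patched"


def assess_site(wp_path: str) -> str:
    """Run WP-CLI against a live install (needs `wp` on PATH and DB access)."""
    out = subprocess.run(
        ["wp", "plugin", "list", "--format=json", f"--path={wp_path}"],
        check=True, capture_output=True, text=True,
    ).stdout
    return assess(out)


# Constructed sample in the shape WP-CLI produces (not from a real site).
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "elementor", "status": "active", "update": "none", "version": "3.21.0"},
    {"name": PLUGIN_SLUG, "status": "inactive", "update": "available", "version": "1.5"},
])

if __name__ == "__main__":
    print(assess(SAMPLE_PLUGIN_LIST))
```

Run `assess_site("/var/www/example")` per site from your inventory; the pure `assess()` function is what you would point at stored WP-CLI output collected by a fleet tool.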
📡 Detection & Monitoring
Log Indicators (WordPress core does not log content edits; these require an activity-log plugin or database auditing):
- Unusual content modifications by Contributor users, especially to pages containing this plugin's widgets
- Multiple page edits in short timeframes from one low-privilege account
- Script tags, inline event handlers (onerror=, onload=) or javascript: URLs in widget settings saved by non-admin users
Network Indicators:
- External script loads from pages that shouldn't have them
- Unusual redirect patterns
SIEM Query (illustrative pseudo-syntax; field names depend on your logging plugin):
source="wordpress" AND (event="page_edit" AND user_role="contributor" AND content CONTAINS "<script>")
Matching only on "<script>" misses event-handler and javascript: payloads, so extend the CONTAINS clause to cover "on*=" attributes and "javascript:" as well.
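A concrete hunt for payloads already stored in the database, as an added example that is not part of the original advisory or the plugin. Elementor stores each page's builder data as JSON in the `_elementor_data` post meta: a nested tree of elements in which widgets carry `widgetType` and `settings`. Pull it with `wp post meta get <post_id> _elementor_data` and pass it in together with the author's role. The author-role lookup and the `example-*` widget type names in the sample are assumptions for the example, not the plugin's real widget names; the sample data is constructed.

```python
"""Hunt for stored-XSS payloads in Elementor widget settings.

Added detection example, not the advisory's or the plugin's own code.
"""
import json
import re

# Markup that should never appear inside a widget setting saved by a
# Contributor, who lacks the unfiltered_html capability.
SUSPICIOUS = re.compile(
    r"<\s*script\b"               # inline script tag
    r"|\bon[a-z]+\s*=\s*['\"]?"   # inline event handler (onerror=, onmouseover=, ...)
    r"|javascript\s*:",           # javascript: URL in href/src
    re.IGNORECASE,
)

# Roles without unfiltered_html; Editors/Administrators may legitimately embed script.
LOW_PRIV_ROLES = {"contributor", "author"}


def walk_widgets(elements):
    """Yield every widget in the Elementor element tree, depth first."""
    for el in elements:
        if el.get("elType") == "widget":
            yield el
        yield from walk_widgets(el.get("elements", []))


def scan_settings(settings, path=""):
    """Recurse through a widget's settings (strings, lists, dicts such as
    repeater items) and yield (setting_path, value) for suspicious strings."""
    if isinstance(settings, str):
        if SUSPICIOUS.search(settings):
            yield path, settings
    elif isinstance(settings, dict):
        for key, value in settings.items():
            yield from scan_settings(value, f"{path}.{key}" if path else key)
    elif isinstance(settings, list):
        for i, value in enumerate(settings):
            yield from scan_settings(value, f"{path}[{i}]")


def scan_post(post_id, author_role, elementor_data_json):
    """Return findings for one post; posts by privileged authors are skipped."""
    findings = []
    if author_role not in LOW_PRIV_ROLES:
        return findings
    for widget in walk_widgets(json.loads(elementor_data_json)):
        for setting, value in scan_settings(widget.get("settings", {})):
            findings.append({
                "post_id": post_id,
                "widget": widget.get("widgetType"),
                "setting": setting,
                "sample": value[:80],
            })
    return findings


def scan_all(posts):
    """Flatten findings across a list of {post_id, author_role, data} records."""
    return [f for p in posts
            for f in scan_post(p["post_id"], p["author_role"], p["data"])]


# Constructed _elementor_data in Elementor's real layout; the widgetType values
# are made up for this example and are not the plugin's actual widget names.
SAMPLE_POSTS = [
    {"post_id": 101, "author_role": "contributor", "data": json.dumps([
        {"id": "a1", "elType": "section", "elements": [
            {"id": "b2", "elType": "column", "elements": [
                {"id": "c3", "elType": "widget", "widgetType": "example-accordion",
                 "settings": {"items": [
                     {"title": "FAQ", "content": "Plain text"},
                     {"title": "x\" onmouseover=\"alert(document.domain)", "content": "..."},
                 ]}},
                {"id": "c4", "elType": "widget", "widgetType": "example-tabs",
                 "settings": {"tab_title": "Pricing", "link": "javascript:alert(1)"}},
            ]},
        ]},
    ])},
    {"post_id": 102, "author_role": "administrator", "data": json.dumps([
        {"id": "d5", "elType": "widget", "widgetType": "html",
         "settings": {"html": "<script src='/analytics.js'></script>"}},
    ])},
]

if __name__ == "__main__":
    for finding in scan_all(SAMPLE_POSTS):
        print(finding)
```

The role filter is a design choice: Administrators and Editors hold unfiltered_html and may embed script on purpose, so alerting on them produces noise; for a full compromise review, pass an empty `LOW_PRIV_ROLES` exclusion and triage everything.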
🔗 References
- https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/accordion.php#L868
- https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/business_hours.php#L560
- https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/logo_grid.php#L716
- https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/price_table.php#L2040
- https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/tabs.php#L824
- https://plugins.trac.wordpress.org/changeset/3113578/wpbits-addons-for-elementor/trunk/includes/widgets/accordion.php
- https://plugins.trac.wordpress.org/changeset/3113578/wpbits-addons-for-elementor/trunk/includes/widgets/business_hours.php
- https://plugins.trac.wordpress.org/changeset/3113578/wpbits-addons-for-elementor/trunk/includes/widgets/logo_grid.php
- https://plugins.trac.wordpress.org/changeset/3113578/wpbits-addons-for-elementor/trunk/includes/widgets/price_table.php
- https://plugins.trac.wordpress.org/changeset/3113578/wpbits-addons-for-elementor/trunk/includes/widgets/tabs.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5f459033-1c95-4781-93f4-1ee5e310933a?source=cve