CVE-2024-5006
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into web pages using the Boostify Header Footer Builder for Elementor plugin. The scripts execute whenever users visit the compromised pages, enabling attackers to steal cookies, redirect users, or perform other malicious actions. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Boostify Header Footer Builder for Elementor WordPress Plugin
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, redirect users to malicious sites, deface websites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session data or redirect visitors to phishing sites.
If Mitigated
With proper user access controls and content security policies, impact is limited to defacement or minor data leakage.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3 or later
Vendor Advisory: https://wordpress.org/plugins/boostify-header-footer-builder/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Boostify Header Footer Builder for Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.3.3 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the plugin until it is patched
wp plugin deactivate boostify-header-footer-builder
Restrict user roles
Limit contributor-level access to trusted users only
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Regularly audit user accounts and remove unnecessary contributor-level access
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin → Plugins → Installed Plugins. If version is 1.3.2 or lower, you are vulnerable.
Check Version:
wp plugin get boostify-header-footer-builder --field=version
Verify Fix Applied:
After updating, verify plugin version is 1.3.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to plugin endpoints with 'size' parameter containing script tags
- Multiple page edits by contributor-level users
Network Indicators:
- Unexpected script sources loading from your domain
- Suspicious outbound connections from your site
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "boostify") AND (param="size" AND value CONTAINS "<script")
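As an added example (not part of the original advisory), the following Python script applies the log indicator and SIEM query above to constructed request-log lines. It URL-decodes the 'size' value before matching, since a raw-string match can miss percent-encoded payloads, and it also flags inline event handlers and javascript: URLs of the same stored-XSS class. The log format, the `boostify` path pattern, and the user names are assumptions.

```python
"""Flag POST requests to plugin endpoints whose 'size' parameter carries
script markup (the CVE-2024-5006 log indicator). Added example, not vendor code."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# "Plugin endpoints" per the advisory: admin-ajax.php or any path mentioning
# the plugin slug. The slug pattern is an assumption about the site's URLs.
PLUGIN_PATH = re.compile(r"/wp-admin/admin-ajax\.php$|boostify", re.IGNORECASE)
# '<script' from the advisory, plus inline event handlers and javascript: URLs.
SCRIPT_MARKUP = re.compile(r"<\s*script|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

# Constructed sample request log (method, URI, status, WordPress user); not real traffic.
SAMPLE_LOG = """\
POST /wp-admin/admin-ajax.php?action=elementor_ajax&size=large 200 editor1
POST /wp-admin/admin-ajax.php?action=elementor_ajax&size=%3Cscript%3Ealert(1)%3C/script%3E 200 contrib7
GET /wp-content/plugins/boostify-header-footer-builder/assets/css/style.css 200 -
POST /wp-json/boostify/v1/menu?size=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E 200 contrib7
POST /wp-admin/admin-ajax.php?action=heartbeat 200 admin
"""


def suspicious_size_values(uri: str) -> list[str]:
    """Return the (once-decoded) 'size' values containing script markup, or []."""
    parts = urlsplit(uri)
    if not PLUGIN_PATH.search(parts.path):
        return []
    # parse_qs percent-decodes once; the extra unquote_plus also catches
    # double-encoded payloads before the pattern is applied.
    values = parse_qs(parts.query, keep_blank_values=True).get("size", [])
    return [v for v in values if SCRIPT_MARKUP.search(unquote_plus(v))]


def scan_log(log_text: str) -> list[dict]:
    """Return one hit per POST line whose 'size' parameter looks like script injection."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed 4-field format
        method, uri, _status, user = fields
        if method != "POST":
            continue
        values = suspicious_size_values(uri)
        if values:
            hits.append({"user": user, "uri": uri, "size": values})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['user']}: {hit['uri']} size={hit['size']}")
```

Only query-string parameters appear in a standard access log; to see 'size' sent in a POST body you need request logging at the WAF or application layer, which is where the SIEM query above would be fed from.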
🔗 References
- https://plugins.trac.wordpress.org/browser/boostify-header-footer-builder/trunk/inc/elementor/widgets/class-mega-menu-vertical.php#L393
- https://plugins.trac.wordpress.org/browser/boostify-header-footer-builder/trunk/inc/elementor/widgets/class-mega-menu.php#L525
- https://plugins.trac.wordpress.org/changeset/3097085/#file9
- https://wordpress.org/plugins/boostify-header-footer-builder/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/72c2a5d4-f201-4cc8-ac49-cde1160ca468?source=cve