CVE-2024-5329
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform blind SQL injection attacks via the 'data[addonID]' parameter in the Unlimited Elements For Elementor plugin. Attackers can extract sensitive database information by injecting malicious SQL queries. All WordPress sites using this plugin up to version 1.5.109 are affected.
💻 Affected Systems
- Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin
📦 What is this software?
Unlimited Elements For Elementor by Unlimited Elements
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of sensitive user data, admin credentials, and potential privilege escalation leading to full site takeover.
Likely Case
Data exfiltration of sensitive information from the WordPress database, including user credentials, personal data, and plugin configuration details.
If Mitigated
Limited impact with proper input validation and prepared statements preventing SQL injection, restricting database access to authorized queries only.
🎯 Exploit Status
Exploitation requires authenticated access but uses common SQL injection techniques. The vulnerability is well-documented in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.110 or later
Vendor Advisory: https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Unlimited Elements For Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.5.110+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until it is patched:
wp plugin deactivate unlimited-elements-for-elementor
Restrict User Roles
Temporarily remove Contributor and higher roles from untrusted users.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SQL injection patterns targeting the 'data[addonID]' parameter
- Restrict database user permissions to SELECT-only for the WordPress database user
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins → Installed Plugins. If the version is 1.5.109 or lower, the site is vulnerable.
Check Version:
wp plugin get unlimited-elements-for-elementor --field=version
Verify Fix Applied:
Verify that the plugin version is 1.5.110 or higher. Test the affected functionality to ensure SQL injection is no longer possible.
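As an added example (not from the advisory or the plugin's own tooling), the following POSIX shell script wraps the WP-CLI version check above and compares the result component by component against the fixed version, so that a string comparison does not mistake 1.5.9 for being newer than 1.5.110. The function names and the `live` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify an installed Unlimited Elements For Elementor
# version as affected (<= 1.5.109) or fixed (>= 1.5.110).
FIXED_VERSION="1.5.110"

# version_lt A B: exit 0 if A < B, comparing each dotted component as an
# integer. Missing components count as 0; non-digit suffixes are ignored.
version_lt() {
    a="$1"; b="$2"
    i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        [ -z "$x" ] && [ -z "$y" ] && return 1   # ran out of components: equal
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# is_vulnerable_version V: exit 0 if V is 1.5.109 or lower.
is_vulnerable_version() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site: query the live install with the WP-CLI command from the
# advisory. Run from the WordPress root (or add --path=<wp-root>).
check_site() {
    v=$(wp plugin get unlimited-elements-for-elementor --field=version 2>/dev/null) || {
        echo "plugin not installed or WP-CLI unavailable"; return 2; }
    if is_vulnerable_version "$v"; then
        echo "VULNERABLE: installed $v, update to $FIXED_VERSION or later"
        return 0
    fi
    echo "OK: installed $v (fixed in $FIXED_VERSION)"
    return 1
}

# Usage: sh check_uae.sh live   (omit the argument to only load the functions)
if [ "${1:-}" = "live" ]; then check_site; fi
```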
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress debug logs
- Multiple failed authentication attempts followed by successful Contributor login
- Unusual database query patterns from WordPress processes
Network Indicators:
- HTTP POST requests containing SQL injection patterns in 'data[addonID]' parameter
- Unusual outbound database connections from web server
SIEM Query:
source="wordpress.log" AND ("data[addonID]" AND ("UNION" OR "SELECT" OR "INSERT" OR "UPDATE" OR "DELETE" OR "DROP" OR "--" OR "' OR '1'='1"))
🔗 References
- https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_addons.class.php#L999
- https://plugins.trac.wordpress.org/changeset/3097249/#file6
- https://wordpress.org/plugins/unlimited-elements-for-elementor/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f33d77b7-5412-47bf-9bed-8617151723c9?source=cve