CVE-2024-5332
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the Exclusive Addons for Elementor plugin's Card widget. The scripts are stored and execute whenever users view the compromised pages, enabling cross-site scripting attacks. All WordPress sites using this plugin up to version 2.6.9.8 are affected.
💻 Affected Systems
- Exclusive Addons for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies, redirect visitors to phishing sites, or display unwanted content on affected pages.
If Mitigated
With proper user access controls and content security policies, impact is limited to defacement or minor content manipulation on specific pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor credentials. The vulnerability is in a popular WordPress plugin, making it an attractive target.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.9.9 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3103786/exclusive-addons-for-elementor
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Exclusive Addons for Elementor'.
4. Click 'Update Now' if available, or manually update to version 2.6.9.9+.
5. Clear any caching plugin/CDN caches.
🔧 Temporary Workarounds
Disable Card Widget
Temporarily disable the vulnerable Card widget in the Exclusive Addons plugin settings
Restrict User Roles
Temporarily remove contributor-level editing permissions from untrusted users
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit script execution
- Use web application firewall rules to block suspicious script injection patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Exclusive Addons for Elementor → Version number. If the version is 2.6.9.8 or lower, you are vulnerable.
Check Version:
wp plugin list --name='exclusive-addons-for-elementor' --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 2.6.9.9 or higher in WordPress admin plugins page.
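The version check above is easy to get wrong when scripted, because a plain string comparison ranks "2.6.9.10" below "2.6.9.9". The following is an added example (not part of the advisory or the plugin) that feeds the output of the `wp plugin list` command shown above into a numeric comparison against the patched version 2.6.9.9. The slug, patched version and command are taken from this page; the function names are assumptions.

```python
import re
import subprocess

PLUGIN_SLUG = "exclusive-addons-for-elementor"   # plugin slug from the advisory
PATCHED_VERSION = "2.6.9.9"                      # first fixed release per the advisory


def parse_version(version):
    """Turn a dotted version string into a tuple of ints.

    Tuple comparison is numeric per component, so (2, 6, 9, 10) > (2, 6, 9, 9),
    whereas the string "2.6.9.10" < "2.6.9.9" lexicographically. Trailing
    suffixes such as "-beta" are ignored; a shorter tuple sorts before a longer
    one with the same prefix (2.6.9 < 2.6.9.9), which is the conservative choice.
    """
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(installed_version, patched_version=PATCHED_VERSION):
    """True when the installed plugin is older than the first patched release."""
    return parse_version(installed_version) < parse_version(patched_version)


def installed_plugin_version(slug=PLUGIN_SLUG):
    """Run the WP-CLI command from the advisory and return the version string.

    Requires WP-CLI on PATH and must be run from the WordPress root (or with
    --path); returns an empty string when the plugin is not installed.
    """
    result = subprocess.run(
        ["wp", "plugin", "list", f"--name={slug}", "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    version = installed_plugin_version()
    if not version:
        print(f"{PLUGIN_SLUG}: not installed")
    elif is_vulnerable(version):
        print(f"{PLUGIN_SLUG} {version}: VULNERABLE, update to {PATCHED_VERSION} or later")
    else:
        print(f"{PLUGIN_SLUG} {version}: patched")
```

Run it from the WordPress install directory after the update to confirm the fix landed; the exit message is the same check the admin plugins page gives, but safe to put in a cron job or fleet-wide audit script.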
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with Card widget parameters
- Multiple failed login attempts followed by successful contributor-level login
Network Indicators:
- Unexpected script tags in page responses containing 'exad-card' class or widget references
SIEM Query:
source="wordpress.log" AND ("exad-card" OR "exclusive-addons") AND ("script" OR "onclick" OR "javascript:")
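The SIEM query above matches literal strings, so a payload that arrives URL-encoded or HTML-entity-encoded (for example `%3Cscript%3E`) would slip past it. The following is an added example, not code from the advisory or the plugin, that applies the same indicators (the widget markers, the script/event-handler/`javascript:` markers and POSTs to `/wp-admin/admin-ajax.php`) after decoding each log line. The sample log lines are constructed for this example; the request-body field at the end of each line, the `action=` values and the `exad-card_*` parameter names are placeholders, not real plugin parameters.

```python
import html
import re
from urllib.parse import unquote_plus

# Indicators from the advisory's Detection & Monitoring section
WIDGET_MARKERS = ("exad-card", "exclusive-addons")
SCRIPT_PATTERN = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)
AJAX_POST_PATTERN = re.compile(r'"post\s+/wp-admin/admin-ajax\.php', re.IGNORECASE)

# Constructed sample lines: combined-log-style entries with a trailing quoted
# request-body field. Parameter names and actions are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - contributor1 [12/Jun/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 '
    '"action=sample_save&exad-card_title=%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    '10.0.0.9 - - [12/Jun/2024:10:02:15 +0000] "GET /about/ HTTP/1.1" 200 8432 "-"',
    '10.0.0.5 - contributor1 [12/Jun/2024:10:03:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 300 '
    '"action=sample_save&exad-card_link=javascript%3Aalert(document.cookie)"',
    '10.0.0.7 - - [12/Jun/2024:10:04:01 +0000] "GET /wp-content/plugins/exclusive-addons-for-elementor/assets/js/exad-card.js HTTP/1.1" 200 2100 "-"',
    '10.0.0.5 - contributor1 [12/Jun/2024:10:05:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 280 '
    '"action=sample_save&exad-card_title=Quarterly+report"',
]


def normalise(line):
    """URL-decode twice (catches double encoding) and HTML-entity-decode, then lowercase,
    so that encoded script markers compare equal to their plain form."""
    decoded = unquote_plus(unquote_plus(line))
    return html.unescape(decoded).lower()


def classify(line):
    """Return a verdict for one log line, or None when nothing matches.

    'stored-xss-indicator': widget marker plus a script marker (the advisory's network indicator).
    'widget-ajax-post':     POST to admin-ajax.php carrying a widget marker but no script marker
                            (the advisory's log indicator; lower confidence, worth baselining).
    """
    text = normalise(line)
    if not any(marker in text for marker in WIDGET_MARKERS):
        return None
    if SCRIPT_PATTERN.search(text):
        return "stored-xss-indicator"
    if AJAX_POST_PATTERN.search(text):
        return "widget-ajax-post"
    return None


def scan(lines):
    """Scan an iterable of log lines; returns (line_number, verdict, line) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict, line))
    return hits


if __name__ == "__main__":
    for number, verdict, line in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {line[:90]}")
```

The ordinary GET for the plugin's own `exad-card.js` asset is deliberately not flagged: it carries a widget marker but no script marker and is not an admin-ajax POST, which keeps the rule from firing on every page load of a site that legitimately uses the widget. Point `scan()` at the real access or application log once the field layout of that log is confirmed.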
🔗 References
- https://plugins.trac.wordpress.org/changeset/3103786/exclusive-addons-for-elementor
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a8c547cc-2820-4138-b042-a0ec2e7f2fca?source=cve