CVE-2024-5344

6.1 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform reflected cross-site scripting (XSS) attacks via the 'forgoturl' parameter in The Plus Addons for Elementor plugin's WP Login & Register widget. Attackers can inject malicious scripts that execute when users click specially crafted links, potentially stealing session cookies or performing actions as the victim. All WordPress sites using this plugin up to version 5.5.6 are affected.

💻 Affected Systems

Products:
  • The Plus Addons for Elementor Page Builder plugin for WordPress
Versions: All versions up to and including 5.5.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the WP Login & Register widget to be used on a page. The vulnerability is in the 'forgoturl' parameter handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain administrative access to WordPress, install backdoors, deface websites, or exfiltrate sensitive data.

🟠 Likely Case

Attackers steal user session cookies, perform actions as authenticated users, or redirect users to phishing/malware sites.

🟢 If Mitigated

With proper Content Security Policy (CSP) headers and input validation, impact is limited to script execution in specific contexts without cookie theft.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking users into clicking malicious links. No authentication needed to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.5.7 or later

Vendor Advisory: https://roadmap.theplusaddons.com/updates/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'The Plus Addons for Elementor'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable widget

all

Remove or disable the WP Login & Register widget from all pages/posts

Implement WAF rules

all

Add web application firewall rules to block requests containing XSS payloads in 'forgoturl' parameter

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources
  • Use security plugins like Wordfence that include XSS protection and input validation

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is 5.5.6 or lower, you are vulnerable.

Check Version:

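wp plugin list --fields=name,title,version (if WP-CLI is installed; read the version from the row whose title contains 'The Plus Addons for Elementor', because the --name filter matches the plugin slug, not the display title)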

Verify Fix Applied:

After updating, verify plugin version is 5.5.7 or higher. Test the forgot password functionality with XSS payloads to confirm sanitization.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing script tags or JavaScript in 'forgoturl' parameter
  • Unusual referrer URLs in authentication logs

Network Indicators:

  • HTTP GET requests with long encoded parameters containing script elements
  • Requests to login pages with suspicious query strings

SIEM Query:

http.url:*forgoturl* AND (http.query:*script* OR http.query:*javascript* OR http.query:*onload* OR http.query:*onerror*)
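
The same indicator applied to web server access logs, as an added example that is not part of the original advisory or the plugin's code: it decodes the 'forgoturl' value (including double encoding, which a substring query on the raw URL misses) before checking for script markers. It assumes combined-log-format lines and a hypothetical /login/ page, and uses stricter markers than the query above, so a benign value containing the word "scripts" is not flagged.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Combined-log-format request line: client IP and request target.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')
# Script markers checked after decoding (tighter than bare substrings).
MARKERS = re.compile(r"<\s*script|javascript\s*:|\bon(?:load|error)\s*=", re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalized."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_forgoturl(target):
    """Return the decoded 'forgoturl' value if it carries a marker, else None."""
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key.lower() == "forgoturl":
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if MARKERS.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        decoded = suspicious_forgoturl(m.group("target")) if m else None
        if decoded is not None:
            hits.append((m.group("ip"), decoded))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical /login/ page).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2024:10:00:01 +0000] "GET /login/?forgoturl=%2Fhelp%2Fpassword-scripts%2F HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jun/2024:10:00:05 +0000] "GET /login/?forgoturl=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5133',
    '203.0.113.9 - - [01/Jun/2024:10:00:09 +0000] "GET /login/?forgoturl=x%2520onerror%253Dx HTTP/1.1" 200 5140',
    '198.51.100.4 - - [01/Jun/2024:10:01:00 +0000] "GET /blog/?s=javascript+tutorial HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tforgoturl={value!r}")
```

Flagged lines are leads for review, not proof of a successful attack; correlate them with the referrer and any session activity that followed.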
