CVE-2024-5555
📋 TL;DR
This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into WordPress pages using the Element Pack Elementor Addons plugin. The scripts execute whenever users view the compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress Plugin
📦 What is this software?
Element Pack by Bdthemes
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, redirect users to malicious sites, install backdoors, or completely compromise the WordPress site and potentially the hosting server.
Likely Case
Attackers will typically inject scripts to steal user session cookies, redirect visitors to phishing pages, or display malicious advertisements for financial gain.
If Mitigated
With proper user access controls and content security policies, impact is limited to defacement or temporary disruption of affected pages.
🎯 Exploit Status
Exploitation requires authenticated access but is trivial once authenticated. Public proof-of-concept exists in vulnerability disclosures.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.6.6 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3096559/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Element Pack Elementor Addons'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 5.6.6+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable module
Temporarily disable the Member module that contains the vulnerable code
Navigate to Element Pack settings in WordPress admin and disable Member widgets
Restrict user roles
Remove Contributor role access or limit who can create/edit posts
Use WordPress role management plugins or custom code to restrict Contributor capabilities
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Install Web Application Firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Element Pack Elementor Addons → Version number. If version is 5.6.5 or lower, you are vulnerable.
Check Version:
wp plugin list --name='Element Pack Elementor Addons' --field=version
Verify Fix Applied:
After updating, verify version shows 5.6.6 or higher. Test social-link-title parameter input to ensure scripts are properly sanitized.
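The version check above is easy to get wrong when done by hand or with a plain string comparison (e.g. "5.6.10" sorts before "5.6.6" as text). The following is an added example, not part of this advisory or the plugin's code: it parses the JSON output of `wp plugin list --format=json`, compares versions numerically against the fixed release 5.6.6, and reports the plugin if it is still affected. The plugin slug `bdthemes-element-pack-lite` is taken from the trac path on this page and is assumed to match the name wp-cli reports; the sample wp-cli output is constructed.

```python
import json
import re
import subprocess

# Versions below this carry the flaw; taken from the advisory's fix information.
FIXED_VERSION = "5.6.6"
# Plugin slug as it appears in the trac path on this page (assumed to match the wp-cli name).
PLUGIN_SLUG = "bdthemes-element-pack-lite"

# Constructed sample of `wp plugin list --format=json` output; not taken from a real site.
SAMPLE_WP_CLI_OUTPUT = json.dumps([
    {"name": "bdthemes-element-pack-lite", "status": "active", "update": "available", "version": "5.6.5"},
    {"name": "elementor", "status": "active", "update": "none", "version": "3.21.0"},
])


def parse_version(version):
    """Turn '5.6.5' (or '5.6.5-beta1') into a tuple of ints so that 5.6.10 sorts after 5.6.6."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_vulnerable(version):
    """True for any version older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def vulnerable_plugins(wp_cli_json):
    """Return the plugin entries (from `wp plugin list --format=json`) that still need the patch."""
    return [p for p in json.loads(wp_cli_json)
            if p.get("name") == PLUGIN_SLUG and is_vulnerable(p["version"])]


def check_site(wp_path="."):
    """Run wp-cli against a WordPress install and report affected plugins (requires wp-cli on PATH)."""
    result = subprocess.run(
        ["wp", "plugin", "list", "--format=json", f"--path={wp_path}"],
        capture_output=True, text=True, check=True)
    return vulnerable_plugins(result.stdout)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; use check_site("/var/www/html") on a real install.
    for plugin in vulnerable_plugins(SAMPLE_WP_CLI_OUTPUT):
        print(f"{plugin['name']} {plugin['version']} is vulnerable; update to {FIXED_VERSION} or later")
```

Run `check_site()` with the path of the WordPress root after updating; an empty list means the installed version is 5.6.6 or higher.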
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to member.php with script tags in parameters
- Multiple failed login attempts followed by successful Contributor login
Network Indicators:
- Unexpected script tags in page responses containing 'social-link-title'
- External script loads from unusual domains in page content
SIEM Query:
source="wordpress.log" AND ("social-link-title" AND ("script" OR "javascript" OR "onclick"))
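The SIEM query above matches on literal substrings, so a URL-encoded or double-encoded payload in the `social-link-title` parameter slips past it. The following added example (not part of this advisory, nor the plugin's own code) applies the same indicators to request records after fully decoding the parameter: it extracts every `social-link-title` value from the query string and form body, undoes repeated URL-encoding, and flags values containing a script tag, a `javascript:` URL, or an inline event handler. The sample requests, the `admin-ajax.php` endpoint, the `save_widget` action name and the form-encoded body layout are constructed assumptions for illustration; adapt `param_values` to however your site logs the widget save request.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Parameter the advisory names as the injection point.
PARAM = "social-link-title"

# Markers of script injection in a decoded value: a script tag, a javascript: URL,
# or an inline event handler such as onclick= / onmouseover=.
SCRIPT_RE = re.compile(r"<\s*script|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

# Constructed sample requests; endpoint, action name and body layout are assumptions
# for illustration, not the plugin's real save request.
SAMPLE_REQUESTS = [
    {"user": "contributor1", "method": "POST", "path": "/wp-admin/admin-ajax.php",
     "body": "action=save_widget&social-link-title=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"},
    {"user": "editor2", "method": "POST", "path": "/wp-admin/admin-ajax.php",
     "body": "action=save_widget&social-link-title=Follow+us+on+LinkedIn"},
    {"user": "contributor1", "method": "POST", "path": "/wp-admin/admin-ajax.php",
     # double URL-encoded: a literal substring match for "onmouseover" misses this
     "body": "action=save_widget&social-link-title=%2522%2520onmouseover%253Dalert%25281%2529"},
    {"user": "-", "method": "GET", "path": "/?s=%3Cscript%3E", "body": ""},
]


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding until the value stops changing (bounded to avoid loops)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def param_values(request, name=PARAM):
    """Collect every value of `name` from the request's query string and form body."""
    query = urlsplit(request["path"]).query
    values = []
    for raw in (query, request.get("body", "")):
        values.extend(parse_qs(raw, keep_blank_values=True).get(name, []))
    return values


def check_request(request):
    """Return a finding dict if the request carries script-like content in PARAM, else None."""
    for value in param_values(request):
        decoded = fully_decode(value)
        if SCRIPT_RE.search(decoded):
            return {"user": request["user"], "path": request["path"], "decoded_value": decoded}
    return None


def scan_requests(requests):
    """Run check_request over a batch of request records and keep the hits."""
    return [f for f in (check_request(r) for r in requests) if f]


if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print(finding)
```

Only the two contributor1 requests are reported: the GET with a script tag in an unrelated parameter is ignored, which keeps the alert tied to the parameter this CVE concerns rather than to any request containing the word "script".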
🔗 References
- https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/member/widgets/member.php#L1273
- https://plugins.trac.wordpress.org/changeset/3096559/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc?source=cve