CVE-2024-5790
📋 TL;DR
This stored XSS vulnerability in Happy Addons for Elementor allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into WordPress pages. When users visit compromised pages, the scripts execute in their browsers, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Happy Addons for Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress sites, install backdoors, deface websites, or redirect visitors to malware distribution sites.
Likely Case
Attackers with contributor accounts inject malicious scripts that steal user session data, display unwanted content, or redirect users to phishing pages.
If Mitigated
With proper user role management and input validation, impact is limited to content manipulation within contributor permissions.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple. Public proof-of-concept exists in vulnerability references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.11.2 or later
Vendor Advisory: https://wordpress.org/plugins/happy-elementor-addons/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Happy Addons for Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.11.2+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patched:
wp plugin deactivate happy-elementor-addons
Restrict User Roles
Temporarily remove Contributor role permissions or limit user registration.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit script execution
- Use web application firewall (WAF) rules to block XSS payloads in URL parameters
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins. Look for Happy Addons for Elementor version 3.11.1 or earlier.
Check Version:
wp plugin get happy-elementor-addons --field=version
Verify Fix Applied:
Confirm plugin version is 3.11.2 or later. Test Gradient Heading widget URL field with basic XSS payloads like <script>alert('test')</script> to ensure sanitization.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to Gradient Heading widget endpoints
- Suspicious JavaScript in page content or database entries
- Multiple failed login attempts followed by contributor account access
Network Indicators:
- Malicious script tags in HTTP responses from WordPress pages
- Unexpected redirects from legitimate pages
SIEM Query:
source="wordpress.log" AND ("gradient-heading" OR "happy-elementor-addons") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
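The SIEM query above, re-implemented as a small Python triage filter that runs over constructed log lines (an added example, not from the original advisory or the plugin). It goes slightly beyond the page's query by percent-decoding each line first, so payloads that are URL-encoded in logged request bodies are not missed; the log format and field names are assumptions for illustration.

```python
from urllib.parse import unquote_plus

# Terms taken from the advisory's SIEM query.
PLUGIN_TERMS = ("gradient-heading", "happy-elementor-addons")
XSS_MARKERS = ("<script>", "javascript:", "onerror=", "onload=")


def normalize(line: str) -> str:
    """Lower-case and percent-decode a log line so URL-encoded payloads in
    logged query strings or bodies are visible to the plain-string markers
    (the advisory's query does not decode). Decoding twice also catches
    double-encoded values."""
    return unquote_plus(unquote_plus(line)).lower()


def matches_siem_query(line: str) -> bool:
    """True when the line mentions the plugin AND contains a script marker,
    mirroring the advisory's query (case-insensitive, as in a Splunk search)."""
    text = normalize(line)
    return any(t in text for t in PLUGIN_TERMS) and any(m in text for m in XSS_MARKERS)


def find_suspicious(lines):
    """Return (line_number, line) pairs that match, for analyst triage."""
    return [(i, l) for i, l in enumerate(lines, 1) if matches_siem_query(l)]


# Constructed sample lines in an assumed access-log style (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - contrib1 "POST /wp-admin/admin-ajax.php?action=elementor_ajax" '
    'body="widget=happy-elementor-addons/gradient-heading&link=javascript:alert(1)"',
    '10.0.0.5 - contrib1 "POST /wp-admin/admin-ajax.php?action=elementor_ajax" '
    'body="widget=gradient-heading&link=%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    '10.0.0.9 - - "GET /wp-content/plugins/happy-elementor-addons/assets/js/app.js" 200',
    '10.0.0.7 - editor1 "POST /wp-admin/post.php" body="post_title=Hello&content=onload=x"',
    '10.0.0.3 - - "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E" 200',
]

if __name__ == "__main__":
    # Expected: lines 1 and 2 are flagged; 3 lacks a marker, 4 and 5 lack a plugin term.
    for n, line in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

Lines 4 and 5 show why the plugin term is required in the query: script markers alone appear in plenty of benign traffic and would flood the alert with noise.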
🔗 References
- https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.11.0/widgets/gradient-heading/widget.php#L260
- https://plugins.trac.wordpress.org/changeset/3108597/#file575
- https://wordpress.org/plugins/happy-elementor-addons/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b948a-7a7e-4bdf-af1d-559f34d4baa3?source=cve