CVE-2024-6340 – This vulnerability allows authenticated WordPre... (How to Fix)

Q: What is the severity of CVE-2024-6340?

CVE-2024-6340 has a CVSS score of 6.4 (MEDIUM). This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into web pages using the Premium Addons for Elementor plugin's Countdown widget. The injected scripts execute whenever users visit the compromised pages, enabling attackers to steal session cookies, redirect users, or perform other malicious actions. All WordPress sites using vulnerable versions of this plugin are affected.

📋 TL;DR

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into web pages using the Premium Addons for Elementor plugin's Countdown widget. The injected scripts execute whenever users visit the compromised pages, enabling attackers to steal session cookies, redirect users, or perform other malicious actions. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

Premium Addons for Elementor WordPress plugin

Versions: All versions up to and including 4.10.35

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with Elementor and the Premium Addons plugin installed. Contributor-level access or higher is needed to exploit.

📦 What is this software?

Premium Addons For Elementor by Leap13

View all CVEs affecting Premium Addons For Elementor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the site, or redirect visitors to malicious sites.

🟠

Likely Case

Attackers with contributor access inject malicious scripts to steal user session cookies, potentially compromising user accounts and enabling further attacks.

🟢

If Mitigated

With proper user role management and content review processes, the impact is limited to potential defacement or minor script injection that gets caught during content moderation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple once an attacker has contributor-level credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.10.36 and later

Vendor Advisory: https://wordpress.org/plugins/premium-addons-for-elementor/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find 'Premium Addons for Elementor'. 4. Click 'Update Now' if available. 5. If not, download version 4.10.36+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable Countdown Widget

all

Temporarily disable the vulnerable Countdown widget until patching is possible

Navigate to Elementor → Settings → Advanced → Disable Countdown widget

Restrict User Roles

all

Temporarily remove contributor-level editing permissions from untrusted users

Use WordPress role management plugins or manually edit user capabilities

🧯 If You Can't Patch

Implement strict content review process for all posts/pages created by contributors
Use web application firewall (WAF) rules to block XSS payloads targeting the Countdown widget

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins → Premium Addons for Elementor version. If version is 4.10.35 or lower, you are vulnerable.

Check Version:

wp plugin list --name='premium-addons-for-elementor' --field=version (if WP-CLI installed)

Verify Fix Applied:

After updating, verify the plugin version shows 4.10.36 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to WordPress admin-ajax.php with countdown-related parameters
Multiple failed login attempts followed by successful contributor-level login

Network Indicators:

Outbound connections to suspicious domains from your WordPress site
Unusual JavaScript payloads in HTTP requests

SIEM Query:

source="wordpress.log" AND ("premium-countdown-timer" OR "countdown_widget") AND ("script" OR "javascript" OR "onload" OR "onerror")

📊 Metadata

CVE ID: CVE-2024-6340

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: July 3, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6340, you might also want to check these: