CVE-2024-7146
📋 TL;DR
The JetTabs for Elementor WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, and privilege escalation. All WordPress sites using JetTabs for Elementor versions up to 2.2.3 are affected.
💻 Affected Systems
- JetTabs for Elementor WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data exfiltration, ransomware deployment, or complete site takeover via arbitrary PHP code execution.
Likely Case
Unauthorized file access, privilege escalation to administrator, and installation of backdoors or malware on vulnerable WordPress sites.
If Mitigated
Limited impact if proper file upload restrictions and server hardening are in place, though file inclusion could still expose sensitive data.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once attacker has Contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.4
Vendor Advisory: https://crocoblock.com/plugins/jettabs/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find JetTabs for Elementor. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 2.2.4+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate JetTabs for Elementor plugin until patched
wp plugin deactivate jettabs-for-elementor
Restrict file uploads
linuxConfigure web server to block PHP file execution in upload directories
Add 'php_flag engine off' to .htaccess in wp-content/uploads directory
🧯 If You Can't Patch
- Remove Contributor and higher role access from untrusted users
- Implement web application firewall rules to block requests containing 'switcher_preset' parameter with file paths
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > JetTabs for Elementor version number. If version is 2.2.3 or lower, system is vulnerable.Check Version:
wp plugin get jettabs-for-elementor --field=versionVerify Fix Applied:
Verify plugin version is 2.2.4 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'switcher_preset' parameter with file paths
- Unusual file inclusion attempts in web server logs
- PHP errors related to file inclusion
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with switcher_preset parameter
- Unusual file paths in parameter values
SIEM Query:
source="web_server" AND (switcher_preset OR "admin-ajax.php") AND (php OR "./" OR "../")