CVE-2024-7791
📋 TL;DR
This stored XSS vulnerability in the Xpro Elementor Addons WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into website pages. The scripts execute whenever users view the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin up to version 1.4.4.3 are affected.
💻 Affected Systems
- Xpro Elementor Addons WordPress Plugin, all versions up to and including 1.4.4.3 (the Post Grid widget)
📦 What is this software?
Xpro Elementor Addons (listed on WordPress.org as '140+ Widgets | Xpro Addons For Elementor – FREE') is a plugin that adds a library of widgets, including the Post Grid widget affected here, to the Elementor page builder for WordPress. Widget settings are entered in the Elementor editor and rendered server-side into the page, so a setting that is stored without sanitization and printed without escaping becomes a stored XSS sink.
⚠️ Risk & Real-World Impact
Worst Case
If an administrator views a page carrying the payload, the script runs inside that administrator's authenticated browser session and can perform any action the admin can (create new administrator accounts, edit plugin or theme files, install plugins), leading to complete site compromise. Visitors can also be defaced, redirected to malicious sites, or served phishing content.
Likely Case
An attacker holding a Contributor account injects a script into the Post Grid widget's arrow setting on a page they can edit; every visitor who renders that page executes it. Because WordPress marks its authentication cookies HttpOnly, direct session-cookie theft is unlikely; realistic payloads instead redirect visitors, plant phishing forms, or ride an administrator's session to perform actions on their behalf.
If Mitigated
With Contributor-level and higher roles restricted to trusted users, exploitation requires a trusted insider or a compromised account, and a restrictive Content Security Policy limits what an injected script can do. Only the patched plugin (1.4.4.4 or later) actually closes the injection point.
🎯 Exploit Status
Exploitation requires an authenticated account with Contributor-level access or higher. Once such an account exists, placing a payload in the vulnerable widget setting through the Elementor editor is straightforward and needs no special tooling; the payload then fires for every viewer of the page until it is removed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.4.4 or later
Vendor Advisory: https://wordpress.org/plugins/xpro-elementor-addons/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find '140+ Widgets | Xpro Addons For Elementor – FREE'.
4. Click 'Update Now' if available, or download the latest version from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable widget
Disable the Post Grid widget in the plugin's widget settings so the vulnerable code path is no longer rendered. Note that this only stops rendering: a payload already stored in a page's widget settings remains in the database and will execute again if the widget is re-enabled before patching and cleanup.
Restrict user roles
Remove Contributor-level access from untrusted users and apply least privilege; in particular, do not allow open registration to land new users in the Contributor role.
🧯 If You Can't Patch
- Disable the Xpro Elementor Addons plugin entirely
- Deploy a Content Security Policy (CSP) that disallows inline scripts and restricts script sources; this is defence in depth, not a fix, and Elementor-built pages rely on inline scripts, so the policy needs nonces or hashes to avoid breaking the site
- Audit pages and posts editable by Contributor accounts for injected markup in widget settings
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the Xpro Elementor Addons version. If the version is 1.4.4.3 or lower, the site is vulnerable. From the command line, WP-CLI can report the version directly:
Check Version:
wp plugin list --name=xpro-elementor-addons --field=version
Verify Fix Applied:
After updating, confirm the plugin version shows 1.4.4.4 or higher in the WordPress admin panel (or in the WP-CLI output above). Updating does not remove payloads that were stored before the patch: Elementor keeps widget settings in the _elementor_data post meta, so review that data for script tags, javascript: URIs or event-handler attributes on content edited by Contributor accounts.
📡 Detection & Monitoring
Log Indicators:
- Elementor editor save requests (POST to admin-ajax.php) whose widget data contains an arrow value with script tags, javascript: URIs or on* event handlers; the widget file post-grid.php is not requested directly, so look at request bodies, not paths
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- Visitor browsers making requests to unfamiliar domains right after loading a page that contains the Post Grid widget
- Script tags or javascript: URIs in rendered page responses that do not belong to the theme or installed plugins
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "arrow" AND ("<script" OR "javascript:" OR "onerror=")
Standard web-server access logs do not record POST bodies, so this query only matches when a WAF or request-logging module captures request payloads; otherwise search the stored _elementor_data post meta instead.
🔗 References
- https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/post-grid/post-grid.php#L1891
- https://plugins.trac.wordpress.org/changeset/3141892/
- https://plugins.trac.wordpress.org/changeset/3141892/#file2
- https://wordpress.org/plugins/xpro-elementor-addons/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c6025dd5-a1d7-48cc-90b3-f020d3d2298b?source=cve