CVE-2024-8482
📋 TL;DR
This stored XSS vulnerability in the Royal Elementor Addons WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into website pages. The scripts execute whenever users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress plugin
📦 What is this software?
Royal Elementor Addons by Royal Elementor Addons
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies or credentials, potentially compromising user accounts.
If Mitigated
With proper user access controls and input validation, impact is limited to isolated script execution without broader system compromise.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once attacker has contributor-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.987
Vendor Advisory: https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.987
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Royal Elementor Addons and Templates'. 4. Click 'Update Now' if available, or manually update to version 1.3.987+. 5. Verify update completes successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the Royal Elementor Addons plugin until patched
wp plugin deactivate royal-elementor-addons
Restrict user roles
allTemporarily remove Contributor role access or limit to trusted users only
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit script execution
- Add web application firewall rules to block XSS payloads in URL parameters
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Royal Elementor Addons version. If version ≤ 1.3.982, vulnerable.Check Version:
wp plugin get royal-elementor-addons --field=versionVerify Fix Applied:
Verify plugin version is 1.3.987 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to team-member widget endpoints with script tags in URL parameters
- Multiple failed login attempts followed by contributor account access
Network Indicators:
- HTTP requests containing <script> tags in URL parameters to WordPress admin-ajax.php or similar endpoints
SIEM Query:
source="wordpress.log" AND ("wpr-team-member" OR "royal-elementor") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")🔗 References
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.987/modules/team-member/widgets/wpr-team-member.php?rev=3162784
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/team-member/widgets/wpr-team-member.php#L1746
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5ccece54-18fa-42e4-ba1a-d0879b73d66d?source=cve
