CVE-2024-8515
📋 TL;DR
The Themesflat Addons For Elementor WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Contributor access or higher to inject malicious scripts into web pages. These scripts execute when users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin version 2.2.1 or earlier are affected.
💻 Affected Systems
- Themesflat Addons For Elementor WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies or credentials, potentially escalating privileges.
If Mitigated
With proper input validation and output escaping, malicious scripts are neutralized before execution, preventing exploitation.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward due to insufficient input sanitization in multiple widgets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.2.2 or later
Vendor Advisory: https://wordpress.org/plugins/themesflat-addons-for-elementor/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Themesflat Addons For Elementor'. 4. Click 'Update Now' if available. 5. Alternatively, download latest version from WordPress repository and replace plugin files.
🔧 Temporary Workarounds
Disable vulnerable widgets
allTemporarily disable affected widgets (TF E Slider, TF Video, TF Team, etc.) via Elementor settings to prevent exploitation.
Restrict user roles
allLimit Contributor and higher role assignments to trusted users only until patching.
🧯 If You Can't Patch
- Remove or disable the Themesflat Addons For Elementor plugin entirely
- Implement strict Content Security Policy (CSP) headers to mitigate script execution
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 2.2.1 or earlier, you are vulnerable.Check Version:
wp plugin list --name=themesflat-addons-for-elementor --field=versionVerify Fix Applied:
After updating, verify plugin version shows 2.2.2 or later. Test affected widgets with malicious input to ensure sanitization.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to widget update endpoints
- Suspicious JavaScript in page content or URL parameters
Network Indicators:
- Unexpected script tags in HTTP responses from affected pages
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "elementor") AND (http_method="POST" AND (param_name CONTAINS "url" OR param_name CONTAINS "link"))🔗 References
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-carousel.js#L41
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-post.js#L42
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-testimonial.js#L41
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-woo-product.js#L42
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-flex-slide.php#L2522
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-team.php#L1234
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-team.php#L1285
- https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-video.php#L318
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1603c61b-11a3-41e5-b339-a9411b02f383?source=cve
