CVE-2024-9935
📋 TL;DR
This vulnerability allows unauthenticated attackers to read arbitrary files on WordPress servers running the vulnerable PDF Generator Addon for Elementor Page Builder plugin. Attackers can access sensitive files like configuration files, database credentials, and other server data. All WordPress sites using this plugin up to version 1.7.5 are affected.
💻 Affected Systems
- PDF Generator Addon for Elementor Page Builder WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive configuration files containing database credentials, SSH keys, or other authentication secrets, leading to data breach, ransomware deployment, or complete site takeover.
Likely Case
Exfiltration of WordPress configuration files (wp-config.php) containing database credentials, leading to database compromise and potential site defacement or data theft.
If Mitigated
Limited information disclosure if server permissions restrict file access or if sensitive files are stored outside web-accessible directories.
🎯 Exploit Status
Exploitation requires only HTTP requests to the vulnerable endpoint with path traversal payloads. No authentication or special privileges needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.6 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'PDF Generator Addon for Elementor Page Builder'. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and delete plugin, then install fresh version 1.7.6+ from WordPress repository.
🔧 Temporary Workarounds
Disable vulnerable plugin
allDeactivate and remove the vulnerable plugin until patched version is available
wp plugin deactivate pdf-generator-addon-for-elementor-page-builder
wp plugin delete pdf-generator-addon-for-elementor-page-builder
Web Application Firewall rule
allBlock requests containing path traversal patterns to the vulnerable endpoint
WAF rule: Block requests to */wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/public/class-pdf-generator-addon-for-elementor-page-builder-public.php with ../ patterns
🧯 If You Can't Patch
- Disable the PDF Generator Addon for Elementor Page Builder plugin immediately
- Implement strict file permission controls on web server directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'PDF Generator Addon for Elementor Page Builder' version ≤1.7.5Check Version:
wp plugin get pdf-generator-addon-for-elementor-page-builder --field=versionVerify Fix Applied:
Verify plugin version is 1.7.6 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/public/class-pdf-generator-addon-for-elementor-page-builder-public.php with ../ patterns
- Multiple failed file access attempts from single IP
Network Indicators:
- Unusual GET requests with file paths like ../../../etc/passwd or ../../../wp-config.php
SIEM Query:
source="web_access_logs" AND uri="*class-pdf-generator-addon-for-elementor-page-builder-public.php*" AND (uri="*../*" OR uri="*..%2f*")