CVE-2025-11536
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to perform blind Server-Side Request Forgery (SSRF) attacks via the Element Pack Addons plugin. Attackers can make arbitrary web requests from the vulnerable server to internal services, potentially querying or modifying sensitive information. All WordPress sites using Element Pack Addons for Elementor up to version 8.2.5 are affected.
💻 Affected Systems
- Element Pack Addons for Elementor WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal services, retrieve sensitive data from backend systems, or pivot to attack internal network resources from the compromised WordPress server.
Likely Case
Attackers with subscriber accounts could probe internal services, potentially discovering additional vulnerabilities or accessing internal APIs that shouldn't be exposed externally.
If Mitigated
With proper network segmentation and authentication controls, impact would be limited to the WordPress server's network segment only.
🎯 Exploit Status
Exploitation requires authenticated access but only at Subscriber level, which is the lowest WordPress user role. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 8.2.6 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.2.6/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Element Pack Addons for Elementor'. 4. Click 'Update Now' if available. 5. If no update appears, download version 8.2.6+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable vulnerable endpoint
allRemove or restrict access to the vulnerable wp_ajax_import_elementor_template action
Add to theme's functions.php or custom plugin: remove_action('wp_ajax_import_elementor_template', 'your_callback_function');
🧯 If You Can't Patch
- Restrict user registration or implement strong authentication controls to prevent unauthorized subscriber account creation
- Implement network segmentation to isolate WordPress server from sensitive internal services
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Element Pack Addons for Elementor. If version is 8.2.5 or lower, you are vulnerable.Check Version:
wp plugin list --name="Element Pack Addons for Elementor" --field=versionVerify Fix Applied:
After updating, verify plugin version shows 8.2.6 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=import_elementor_template
- Outbound requests from WordPress server to internal IP ranges
Network Indicators:
- WordPress server making unexpected HTTP requests to internal services
- Traffic from web server to non-web ports (SSH, database, etc.)
SIEM Query:
source="wordpress.log" AND (uri="/wp-admin/admin-ajax.php" AND parameters.action="import_elementor_template")