CVE-2025-1441
📋 TL;DR
This CSRF vulnerability in the Royal Elementor Addons WordPress plugin allows attackers to inject malicious scripts by tricking administrators into clicking malicious links. All WordPress sites using this plugin up to version 1.7.1007 are affected. The vulnerability stems from missing nonce validation in the product filtering functionality.
💻 Affected Systems
- Royal Elementor Addons and Templates WordPress plugin
📦 What is this software?
Royal Elementor Addons by Royal Elementor Addons
⚠️ Risk & Real-World Impact
Worst Case
Site takeover through admin account compromise leading to complete website defacement, data theft, or malware distribution to visitors.
Likely Case
Malicious script injection leading to SEO spam, redirects to malicious sites, or cookie theft from administrators.
If Mitigated
No impact if administrators don't click malicious links and proper CSRF protections are in place.
🎯 Exploit Status
Exploitation requires social engineering to trick an administrator into visiting a malicious page, but the technical complexity is low once that happens.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.1008
Vendor Advisory: https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1008/classes/modules/wpr-filter-woo-products.php#L1904
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Royal Elementor Addons and Templates'.
4. Click 'Update Now' if available, or download version 1.7.1008+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the Royal Elementor Addons plugin until it is patched
wp plugin deactivate royal-elementor-addons
Implement CSRF protection headers
Add security headers to WordPress that stop the admin panel from being framed by another origin. This removes one delivery route for the forged request (a lure page framing the admin UI) but does not block a direct cross-site form submission, so it is a partial measure only.
Add to .htaccess (requires Apache mod_headers): Header set X-Frame-Options "SAMEORIGIN"
Add to .htaccess (requires Apache mod_headers): Header set Content-Security-Policy "frame-ancestors 'self'"
🧯 If You Can't Patch
- Restrict admin panel access to trusted IP addresses only
- Implement mandatory multi-factor authentication for all administrator accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Royal Elementor Addons version. If version is 1.7.1007 or lower, you are vulnerable.
Check Version:
wp plugin get royal-elementor-addons --field=version
Verify Fix Applied:
Verify plugin version is 1.7.1008 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=wpr_filter_woo_products
- Multiple failed CSRF token validations in WordPress logs
Network Indicators:
- Unexpected outbound connections from WordPress admin sessions
- Suspicious referrer headers in admin panel requests
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "wpr_filter_woo_products" AND NOT "_wpnonce="
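The indicators above, turned into a small log triage script. This is an added example, not part of the advisory: the log line format, the site hostname and the sample lines are all constructed, and it assumes the `action` and `_wpnonce` parameters are visible in the logged query string (ordinary access logs do not record POST bodies, so this matches a WAF or application log rather than a plain Apache log).

```python
from urllib.parse import urlsplit, parse_qs

# Hostname of the site being protected (assumed value for this example).
SITE_HOST = "shop.example"

# Constructed sample lines in an assumed format:
#   <client ip> <method> <full url incl. query> referer=<url or ->
SAMPLE_LOG = [
    "203.0.113.5 POST https://shop.example/wp-admin/admin-ajax.php"
    "?action=wpr_filter_woo_products&_wpnonce=a1b2c3 referer=https://shop.example/shop/",
    "198.51.100.7 POST https://shop.example/wp-admin/admin-ajax.php"
    "?action=wpr_filter_woo_products&wpr_filter=PLACEHOLDER referer=https://attacker.invalid/lure.html",
    "203.0.113.9 POST https://shop.example/wp-admin/admin-ajax.php"
    "?action=wpr_filter_woo_products referer=https://shop.example/shop/",
    "203.0.113.5 GET https://shop.example/wp-admin/index.php referer=-",
]

def parse_line(line):
    """Split one log line into (ip, method, url, referer)."""
    ip, method, url, ref = line.split(" ", 3)
    return ip, method, url, ref.split("=", 1)[1]

def classify(line, site_host=SITE_HOST):
    """None if not a wpr_filter_woo_products request, else a list of reasons
    it looks forged (empty list = nonce present and same-site referer)."""
    ip, method, url, ref = parse_line(line)
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query)
    if params.get("action", [""])[0] != "wpr_filter_woo_products":
        return None
    reasons = []
    # The plugin's own JavaScript sends a nonce; its absence is the same
    # condition the SIEM query above matches on.
    if "_wpnonce" not in params:
        reasons.append("no _wpnonce")
    # A forged request arrives from a foreign page. A missing Referer is a
    # weaker signal (browser privacy settings strip it) but still worth noting.
    if ref == "-":
        reasons.append("no referer")
    elif urlsplit(ref).hostname != site_host:
        reasons.append(f"foreign referer {urlsplit(ref).hostname}")
    return reasons

def suspicious(lines, site_host=SITE_HOST):
    """(ip, reasons) for every flagged line, in log order."""
    return [(parse_line(l)[0], r) for l in lines if (r := classify(l, site_host))]
```

Run `suspicious(SAMPLE_LOG)` over the constructed lines and it flags the request from 198.51.100.7 (no nonce, foreign referer) and the one from 203.0.113.9 (no nonce), while the nonce-bearing same-site request and the unrelated GET pass.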
🔗 References
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1007/classes/modules/wpr-filter-woo-products.php#L1895
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1008/classes/modules/wpr-filter-woo-products.php#L1904
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6bc6a436-6df3-4eaf-a16b-d8b3c3ca7d87?source=cve