CVE-2025-24569
📋 TL;DR
This path traversal vulnerability in the PDF Generator Addon for Elementor Page Builder WordPress plugin allows attackers to read arbitrary files on the server by manipulating file paths. It affects WordPress sites running any version of this plugin through 1.7.5. Attackers can potentially access sensitive configuration files, credentials, or other restricted data.
💻 Affected Systems
- PDF Generator Addon for Elementor Page Builder
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise after an attacker reads sensitive files such as wp-config.php (which contains database credentials), SSH keys, or other configuration files, and uses their contents for further exploitation.
Likely Case
Unauthorized access to sensitive files including WordPress configuration, plugin files, or other web-accessible data that could enable credential theft or information disclosure.
If Mitigated
Limited impact if proper file permissions restrict web server access to sensitive directories and files.
🎯 Exploit Status
Exploitation requires understanding of path traversal techniques and knowledge of the vulnerable endpoint. No public exploit code identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.6 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'PDF Generator Addon for Elementor Page Builder'.
4. Click 'Update Now' if update available.
5. Alternatively, download version 1.7.6+ from WordPress repository and replace plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
all: Temporarily deactivate the PDF Generator Addon for Elementor Page Builder plugin until patched
Restrict file system access
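linux: Implement strict file permissions and directory restrictions for the web server user. The PHP process must still be able to read wp-config.php for WordPress to run, so this limits exposure of other files rather than of wp-config.php itself.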
chmod 600 wp-config.php
chmod 700 sensitive_directories/
🧯 If You Can't Patch
- Remove the PDF Generator Addon for Elementor Page Builder plugin completely from the WordPress installation
- Implement web application firewall (WAF) rules to block path traversal patterns in requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'PDF Generator Addon for Elementor Page Builder' version
Check Version:
wp plugin list --name='pdf-generator-addon-for-elementor-page-builder' --field=version
Verify Fix Applied:
Verify plugin version is 1.7.6 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' sequences or attempts to access known sensitive files
- Unusual file read operations in web server logs from PDF generator endpoints
Network Indicators:
- HTTP requests with path traversal payloads to PDF generator endpoints
- Unusual file download patterns from the plugin
SIEM Query:
source="web_server_logs" AND (uri="*../*" OR uri="*/wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/*") AND (status=200 OR status=404)
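The log indicators above as a runnable check over access-log lines, added here as an example (not part of the original advisory or the plugin's code). It also percent-decodes the URI before matching, which a literal `*../*` pattern would miss; the combined log format, the sensitive-file list, and the `example.php`/`file` names in the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Plugin directory as it appears in the SIEM query above.
PLUGIN_PATH = "/wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/"
# Assumed list of sensitive targets; extend it for your environment.
SENSITIVE = ("wp-config.php", "/etc/passwd", ".ssh/", ".env")
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3})')  # combined log format
# ".." as a whole path segment: after "/", "\" or "=" and before a separator or end.
TRAVERSAL_RE = re.compile(r"(?:^|[/\\=])\.\.(?:[/\\]|$)")


def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both surface."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def scan(lines):
    """Return one finding per request whose decoded URI contains a traversal segment."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        uri = fully_decode(m.group(2)).lower()
        if TRAVERSAL_RE.search(uri):
            findings.append({
                "ip": m.group(1),
                "status": int(m.group(3)),  # 200 means content may have been served
                "plugin": PLUGIN_PATH in uri,
                "sensitive": any(s in uri for s in SENSITIVE),
            })
    return findings


# Constructed sample lines, not real traffic; "example.php" and "file" are hypothetical.
SAMPLE = [
    f'203.0.113.7 - - [10/Feb/2025:10:00:01 +0000] "GET {PLUGIN_PATH}example.php?file=../../wp-config.php HTTP/1.1" 200 3120',
    f'203.0.113.7 - - [10/Feb/2025:10:00:02 +0000] "GET {PLUGIN_PATH}example.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 404 512',
    f'198.51.100.9 - - [10/Feb/2025:10:00:03 +0000] "GET {PLUGIN_PATH}assets/style.css HTTP/1.1" 200 900',
    '192.0.2.44 - - [10/Feb/2025:10:00:04 +0000] "GET /index.php?page=..%2f..%2fetc/passwd HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Findings with `plugin` true and status 200 are the ones to triage first, since they indicate a traversal request to the plugin directory that returned content.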