Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that may make it potential for hackers to add malicious information. One in all them is rated as a excessive risk vulnerability as a result of it may well permit hackers to bypass entry controls, execute scripts and acquire delicate knowledge.

Table of Contents

Two Totally different Sorts Of Vulnerabilities

Nearly all of the vulnerabilities are Saved Cross Website Scripting (XSS). Three of them are Native File Inclusion.

XSS vulnerabilities are among the many most typical type of vulnerability present in WordPress plugins and themes. They often come up from flaws in how enter knowledge is secured (enter sanitization) and likewise how output knowledge is locked down (output escaping).

A Native File Inclusion vulnerability is one which exploits an unsecured consumer enter space that enables an attacker to “embrace” a file into the enter. Embody is a coding time period. In plain English a file inclusion is a scripting factor (a press release) that tells the web site so as to add a particular code from file, like a PHP file. I’ve used contains in PHP to usher in knowledge from one file (just like the title of a webpage) and stick it into the meta description, that’s an instance of an embrace.

This type of vulnerability is usually a severe risk as a result of it permits an attacker to “embrace” a variety of code which in flip can result in the flexibility to bypass any restrictions on actions that may be carried out on the web site and/or permit entry to delicate knowledge that’s usually restricted.

The Open Net Software Safety Venture (OWASP) defines a Native File Inclusion vulnerability:

“The File Inclusion vulnerability permits an attacker to incorporate a file, often exploiting a “dynamic file inclusion” mechanisms applied within the goal utility. The vulnerability happens as a consequence of using user-supplied enter with out correct validation.

This could result in one thing as outputting the contents of the file, however relying on the severity, it may well additionally result in:

Code execution on the net server

Code execution on the client-side equivalent to JavaScript which might result in different assaults equivalent to cross website scripting (XSS)

Denial of Service (DoS)

Delicate Data Disclosure”

Record Of Susceptible Elementor Add-On Plugins

There are eleven complete Elementor add-on plugins which have vulnerability advisories, two of which had been issued in the present day (March twenty ninth), two of which had been issued on March twenty eighth. The remaining seven had been issued inside the previous few days.

A few of the plugins have a couple of vulnerability in order that there are a complete of 15 vulnerabilities in eleven of the plugins.

Out of the eleven plugins one is rated as a Excessive Severity vulnerability and the remaining are Medium Severity.

Right here is the record of plugins listed in descending order of the latest to the earliest. The numbers subsequent to the vulnerabilities denote if they’ve a couple of vulnerability.

Record of Susceptible Elementor Add-Ons

ElementsKit Elementor addons (x2)
Limitless Parts For Elementor
140+ Widgets | Finest Addons For Elementor
Higher Elementor Addons
Elementor Addon Parts (x2)
Grasp Addons for Elementor
The Plus Addons for Elementor (x2)
Important Addons for Elementor (x2)
Factor Pack Elementor Addons
Prime Slider – Addons For Elementor
Transfer Addons for Elementor

Excessive Severity Vulnerability

The Excessive Severity vulnerability is discovered within the ElementsKit Elementor Addons plugin for WordPress is particularly regarding as a result of it may well put over one million web sites at risk. This vulnerability is rated 8.8 on a scale of 1- 10.

What accounts for its recognition is the all-in-one nature of the plugin that enables customers to simply modify just about any on-page design characteristic within the headers, footers, and menus. It additionally features a huge template library and 85 widgets that add additional performance to webpages created with the Elementor web site constructing platform.

The Wordfence safety researchers described the vulnerability risk:

“The ElementsKit Elementor addons plugin for WordPress is susceptible to Native File Inclusion in all variations as much as, and together with, 3.0.6 by way of the render_raw perform. This makes it potential for authenticated attackers, with contributor-level entry and above, to incorporate and execute arbitrary information on the server, permitting the execution of any PHP code in these information. This can be utilized to bypass entry controls, acquire delicate knowledge, or obtain code execution in circumstances the place pictures and different “secure” file varieties could be uploaded and included.”

Thousands and thousands of WordPress Websites Affected

The vulnerabilities could have an effect on over 3 million web sites. Simply two of the plugins have a complete of three million lively installations. Web sites have a tendency to make use of simply certainly one of these plugins as a result of there’s a certain quantity of overlap between the options. The all-in-one nature of a few of these plugins implies that just one plugin is required so as to entry vital widgets for including sliders, menus and different on-page components.

Record of Susceptible Plugins By Quantity Of Installations

Important Addons for Elementor – 2 Million
ElementsKit Elementor addons – 1 Million
Limitless Parts For Elementor – 200k
Elementor Addon Parts – 100k
The Plus Addons for Elementor – 100k
Factor Pack Elementor Addons – 100k
Prime Slider – Addons For Elementor – 100k
Grasp Addons for Elementor – 40k
140+ Widgets | Finest Addons For Elementor – 10k
Transfer Addons for Elementor – 3k
Higher Elementor Addons – Unknown – Closed By WordPress

Really helpful Motion

Though lots of the medium stage severity vulnerabilities require hackers to acquire contributor stage authentication so as to launch an assault, it’s greatest to not underestimate the danger posed by different plugins or put in themes which may grant the attacker the flexibility to launch these particular assaults.

It’s typically prudent to check up to date themes earlier than pushing updates to a stay website.

Learn the official Wordfence advisories (with CVE numbers):

A. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1238

B. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Local File Inclusion in render_raw CVE-2024-2047 8.8 HIGH THREAT

03/29 Unlimited Elements For Elementor <= 1.5.96 – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link CVE-2024-0367

3/28 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2250

3/28 Better Elementor Addons <= 1.4.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via widget links CVE-2024-2280

A. Elementor Addon Elements <= 1.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2091

B. Elementor Addon Elements <= 1.13.2 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘Text Separator’ and ‘Image Compare’ Widget CVE-2024-2792

Master Addons for Elementor <= 2.0.5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Team Member Listing CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Clients Widget CVE-2024-2203