15 Vulnerabilities In 11 Elementor Addons Hit +3M WordPress Sites via @sejournal, @martinibuster

Researchers have issued advisories for eleven different Elementor add-on plugins with 15 vulnerabilities that can make it possible for hackers to upload malicious files. One of them is rated as a high threat vulnerability because it can allow hackers to bypass access controls, execute scripts and obtain sensitive data.

Two Different Kinds Of Vulnerabilities

The majority of the vulnerabilities are Stored Cross Site Scripting (XSS). Three of them are Local File Inclusion.

XSS vulnerabilities are among the most common form of vulnerability found in WordPress plugins and themes. They generally arise from flaws in how input data is secured (input sanitization) and also how output data is locked down (output escaping).

A Local File Inclusion vulnerability is one that exploits an unsecured user input area that allows an attacker to “include” a file into the input. Include is a coding term. In plain English a file inclusion is a scripting event (a statement) that tells the website to add specific code from a file, like a PHP file. I have used includes in PHP to bring in data from one file (like the title of a webpage) and insert it into the meta description; that’s an example of an include.

This kind of vulnerability can be a serious threat because it allows an attacker to “include” a wide range of code, which in turn can lead to the ability to bypass any restrictions on actions that can be carried out on the website and/or allow access to sensitive data that is normally restricted.

The Open Web Application Security Project (OWASP) defines a Local File Inclusion vulnerability:

“The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

This can lead to something as outputting the contents of the file, but depending on the severity, it can also lead to:

Code execution on the web server

Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS)

Denial of Service (DoS)

Sensitive Information Disclosure”
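The two mechanisms described above, the unsanitized-input/unescaped-output pattern behind the Stored XSS findings and the user-controlled include behind the Local File Inclusion findings, are easiest to see side by side in code. The following is an added example written for this article, not code from any plugin or advisory it names; the function names, the template allowlist and the `templates/` directory are assumptions.

```php
<?php
// Added example, not code from any plugin named in this article. The function
// names, the template allowlist and the templates/ directory are assumptions.
declare(strict_types=1);
// Fallbacks so the file runs outside WordPress; inside WordPress the real
// esc_html()/esc_attr()/esc_url() already exist and these are skipped.
if (!function_exists('esc_html')) {
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
    function esc_url(string $s): string {   // simplified: only http(s) URLs survive
        $u = filter_var($s, FILTER_VALIDATE_URL);
        return ($u !== false && in_array(parse_url($u, PHP_URL_SCHEME), ['http', 'https'], true)) ? esc_attr($u) : '';
    }
}

const SEJ_TEMPLATE_DIR = __DIR__ . '/templates';

// The pattern behind a Local File Inclusion bug is building the include path from
// an editor setting, e.g.  include SEJ_TEMPLATE_DIR . '/' . $settings['template'] . '.php';
// Widget settings are user-supplied by anyone who can edit posts (Contributor+).
// Hardened form: the setting selects a key in a fixed allowlist, never a path.
function sej_resolve_template(string $name): ?string {
    static $allowed = ['grid' => 'grid.php', 'list' => 'list.php', 'carousel' => 'carousel.php'];
    if (!isset($allowed[$name])) {
        return null;                        // unknown key: no path is built from it
    }
    $base = realpath(SEJ_TEMPLATE_DIR);
    $path = realpath(SEJ_TEMPLATE_DIR . '/' . $allowed[$name]);
    // Belt and braces: the resolved file must still sit inside the template directory.
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// The Stored XSS fix is output escaping: every setting is escaped for the context
// it lands in (HTML text, attribute, URL) at render time, not only when saved.
function sej_render_widget(array $settings): string {
    $template = sej_resolve_template((string) ($settings['template'] ?? 'grid'));
    if ($template === null) {
        return '<!-- widget: unknown template -->';
    }
    $title = esc_html((string) ($settings['title'] ?? ''));
    $class = esc_attr((string) ($settings['css_class'] ?? ''));
    $link  = esc_url((string) ($settings['link'] ?? ''));
    ob_start();
    include $template;                      // template reads the already-escaped variables
    return '<div class="' . $class . '"><h3><a href="' . $link . '">' . $title . '</a></h3>' . ob_get_clean() . '</div>';
}
```

The point to check in a plugin review is that no editor-controlled string ever reaches `include`, `require` or a `file_get_contents()` path, and that each output context uses the matching `esc_*()` function.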

List Of Vulnerable Elementor Add-On Plugins

There are eleven total Elementor add-on plugins that have vulnerability advisories, two of which were issued today (March 29th) and two of which were issued on March 28th. The remaining seven were issued within the past few days.

Some of the plugins have more than one vulnerability, so there are a total of 15 vulnerabilities across the eleven plugins.

Out of the eleven plugins, one is rated as a High Severity vulnerability and the rest are Medium Severity.

Here is the list of plugins, ordered from the most recent advisory to the earliest. The numbers next to the plugin names denote those that have more than one vulnerability.

List of Vulnerable Elementor Add-Ons

  1. ElementsKit Elementor addons (x2)
  2. Unlimited Elements For Elementor
  3. 140+ Widgets | Best Addons For Elementor
  4. Better Elementor Addons
  5. Elementor Addon Elements (x2)
  6. Master Addons for Elementor
  7. The Plus Addons for Elementor (x2)
  8. Essential Addons for Elementor (x2)
  9. Element Pack Elementor Addons
  10. Prime Slider – Addons For Elementor
  11. Move Addons for Elementor

High Severity Vulnerability

The High Severity vulnerability found in the ElementsKit Elementor Addons plugin for WordPress is especially concerning because it can put over a million websites in danger. This vulnerability is rated 8.8 on a scale of 1-10.

What accounts for its popularity is the all-in-one nature of the plugin that allows users to easily modify virtually any on-page design feature in the headers, footers, and menus. It also includes a huge template library and 85 widgets that add extra functionality to webpages created with the Elementor website building platform.

The Wordfence security researchers described the vulnerability threat:

“The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.”

Millions of WordPress Sites Affected

The vulnerabilities may affect over 3 million websites. Just two of the plugins have a total of 3 million active installations. Websites tend to use just one of these plugins because there is a certain amount of overlap between the features. The all-in-one nature of some of these plugins means that only one plugin is needed in order to access important widgets for adding sliders, menus and other on-page elements.

List of Vulnerable Plugins By Number Of Installations

  1. Essential Addons for Elementor – 2 Million
  2. ElementsKit Elementor addons – 1 Million
  3. Unlimited Elements For Elementor – 200k
  4. Elementor Addon Elements – 100k
  5. The Plus Addons for Elementor – 100k
  6. Element Pack Elementor Addons – 100k
  7. Prime Slider – Addons For Elementor – 100k
  8. Master Addons for Elementor – 40k
  9. 140+ Widgets | Best Addons For Elementor – 10k
  10. Move Addons for Elementor – 3k
  11. Better Elementor Addons – Unknown – Closed By WordPress

Recommended Action

Although many of the medium severity vulnerabilities require hackers to obtain contributor-level authentication in order to launch an attack, it’s best not to underestimate the risk posed by other plugins or installed themes that might grant the attacker the ability to launch these specific attacks.

It’s generally prudent to test updated plugins and themes on a staging copy before pushing updates to a live site.

Read the official Wordfence advisories (with CVE numbers):

A. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1238

B. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Local File Inclusion in render_raw CVE-2024-2047 8.8 HIGH THREAT

03/29 Unlimited Elements For Elementor <= 1.5.96 – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link CVE-2024-0367

3/28 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2250

3/28 Better Elementor Addons <= 1.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via widget links CVE-2024-2280

A. Elementor Addon Elements <= 1.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2091

B. Elementor Addon Elements <= 1.13.2 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘Text Separator’ and ‘Image Compare’ Widget CVE-2024-2792

Master Addons for Elementor <= 2.0.5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Team Member Listing CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Clients Widget CVE-2024-2203

A. Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting ( via the countdown widget’s connection parameter) CVE-2024-2623

B. Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting (via the alignment parameter in the Woo Product Carousel widget) CVE-2024-2650

Element Pack Elementor Addons <= 5.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via link CVE-2024-30185

Prime Slider – Addons For Elementor <= 3.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via title CVE-2024-30186

Move Addons for Elementor <= 1.2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2131
