Element Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons

Key Information:

  • Software Type: Plugin
  • Software Slug: bdthemes-element-pack-lite
  • Software Status: Active
  • Software Author: bdthemes
  • Software Downloads: 2,152,863
  • Active Installs: 100,000
  • Last Updated: May 21, 2024
  • Patched Versions: 5.6.4
  • Affected Versions: <= 5.6.3

Vulnerability 1 Details:

  • Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes
  • Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CVE: CVE-2024-3926
  • CVSS Score: 6.4 (Medium)
  • Publicly Published: May 21, 2024
  • Researcher: wesley (wcraft)
  • Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vulnerability 2 Details:

  • Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass
  • Type: Improper Protection of Alternate Path
  • CVE: CVE-2024-3927
  • CVSS Score: 5.3 (Medium)
  • Publicly Published: May 21, 2024
  • Researcher: Ngô Thiên An
  • Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrator's email. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.

Summary:

The Element Pack Elementor Addons for WordPress has two vulnerabilities in versions up to and including 5.6.3 that allow for Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass. These vulnerabilities have been patched in version 5.6.4.

Detailed Overview:

The first vulnerability, discovered by researcher wesley (wcraft), allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages via the custom_attributes value in widgets. This is due to insufficient input sanitization and output escaping on user-supplied attributes.

The second vulnerability, discovered by researcher Ngô Thiên An, allows unauthenticated attackers to bypass the admin email restriction when submitting the contact form. This is due to the plugin not properly checking for all variations of an administrator's email, making it possible to bypass the restriction using a +value.

Advice for Users:

  1. Immediate Action: Users are encouraged to update to version 5.6.4 or later to ensure their WordPress installations are secure.
  2. Check for Signs of Vulnerability: Users should check their website for any suspicious or unauthorized content that may have been injected due to the Cross-Site Scripting vulnerability.
  3. Alternate Plugins: Even though a patch is available, users may also want to evaluate plugins that offer similar functionality as a precaution.
  4. Stay Updated: Always ensure that your plugins are updated to the latest versions to avoid vulnerabilities.

The prompt response from the plugin developers to patch these vulnerabilities underscores the importance of timely updates. Users are advised to ensure that they are running version 5.6.4 or later to secure their WordPress installations.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bdthemes-element-pack-lite

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-561-authenticated-contributor-stored-cross-site-scripting-via-custom-attributes

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-563-form-submission-admin-email-bypass

Detailed Report:

In the ever-evolving landscape of web security, it's crucial for website owners to stay vigilant and keep their platforms up to date. A recent discovery of multiple vulnerabilities in the popular Element Pack Elementor Addons plugin for WordPress has once again highlighted the importance of regular updates and proactive security measures.

About the Plugin

The Element Pack Elementor Addons plugin, used by over 100,000 active websites, is a popular choice for adding advanced functionality to WordPress websites using the Elementor page builder. With over 2 million downloads, this plugin has become a go-to solution for many website owners looking to enhance their site's features and design.

Discovered Vulnerabilities

Two vulnerabilities, both rated Medium severity (CVSS 6.4 and 5.3), have been discovered in the Element Pack Elementor Addons plugin, affecting all versions up to and including 5.6.3. These vulnerabilities are identified as CVE-2024-3926 and CVE-2024-3927.

The first vulnerability (CVE-2024-3926) allows authenticated attackers with contributor-level access or higher to inject malicious scripts into your website via the custom_attributes value in widgets. This is due to insufficient input sanitization and output escaping on user-supplied attributes.
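The rendering pattern behind the first issue (described in the Details and Overview sections above and again here), as an added PHP illustration that is not Element Pack's code: the "key|value" line format, the function names and the sample input are assumptions. It shows attributes concatenated into a tag unescaped, next to a hardened version that restricts attribute names and escapes values for an attribute context.

```php
<?php
// Added illustration, not the plugin's code. Assumes widget custom attributes
// arrive as one "name|value" pair per line.

// Vulnerable pattern: name and value go straight into the tag, so whoever can
// edit the widget (Contributor and above) controls raw HTML on the page.
function render_attrs_unsafe(string $custom_attributes): string {
    $html = '';
    foreach (explode("\n", $custom_attributes) as $line) {
        [$name, $value] = array_pad(explode('|', $line, 2), 2, '');
        $html .= ' ' . trim($name) . '="' . trim($value) . '"';
    }
    return '<div' . $html . '>';
}

// Hardened pattern: allow only a conservative attribute-name shape, refuse
// event handlers and URL/style-bearing attributes, and escape the value for an
// attribute context (htmlspecialchars here; esc_attr() inside WordPress).
function render_attrs_safe(string $custom_attributes): string {
    $blocked = ['href', 'src', 'style', 'action', 'formaction', 'srcdoc'];
    $html = '';
    foreach (explode("\n", $custom_attributes) as $line) {
        [$name, $value] = array_pad(explode('|', $line, 2), 2, '');
        $name = strtolower(trim($name));
        if (!preg_match('/^[a-z][a-z0-9_-]{0,63}$/', $name)) {
            continue; // malformed or empty name: drop the attribute
        }
        if (substr($name, 0, 2) === 'on' || in_array($name, $blocked, true)) {
            continue; // user settings must never define handlers or URLs
        }
        $safe_value = htmlspecialchars(trim($value), ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $html .= ' ' . $name . '="' . $safe_value . '"';
    }
    return '<div' . $html . '>';
}

// Constructed sample: one legitimate attribute, one event handler, and one
// value that tries to close the quote and start a new attribute.
$sample = "data-id|42\nonmouseover|probe\ntitle|\" data-x=\"1";
echo render_attrs_unsafe($sample), PHP_EOL;
echo render_attrs_safe($sample), PHP_EOL;
```

With the safe renderer only `data-id` and an escaped `title` survive; the unsafe renderer emits the handler and the broken-out attribute verbatim.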

The second vulnerability (CVE-2024-3927) enables unauthenticated attackers to bypass email restrictions when submitting the contact form. This is caused by the plugin not properly checking for all variations of an administrator's email, allowing attackers to bypass the restriction using a +value in the email address.
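The address comparison behind the second issue (described in the Details and Overview sections above and again here), as an added PHP illustration that is not the plugin's code: the function names and sample addresses are assumptions. It shows why an exact string match misses a plus-tagged variant and how canonicalising both sides before comparing closes that path.

```php
<?php
// Added illustration, not the plugin's code. In WordPress the administrator
// address would come from get_option('admin_email'); here it is a constructed
// array so the script runs stand-alone.

// Canonical form: trim, lower-case, and drop any "+tag" suffix from the local
// part, because providers that support sub-addressing deliver
// user+anything@example.com to the same mailbox as user@example.com.
function normalize_email(string $email): ?string {
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // not an email address at all
    }
    [$local, $domain] = explode('@', $email, 2);
    $plus = strpos($local, '+');
    if ($plus !== false) {
        $local = substr($local, 0, $plus);
    }
    return $local . '@' . $domain;
}

// Weak check, the kind the advisory describes: an exact string comparison
// does not recognise "admin+anything@example.com" as the admin address.
function matches_admin_weak(string $email, array $admin_emails): bool {
    return in_array($email, $admin_emails, true);
}

// Hardened check: compare canonical forms on both sides and fail closed,
// treating input that does not parse as an address as something to block.
function should_block_submission(string $email, array $admin_emails): bool {
    $canon = normalize_email($email);
    if ($canon === null) {
        return true;
    }
    foreach ($admin_emails as $admin) {
        if (normalize_email($admin) === $canon) {
            return true;
        }
    }
    return false;
}

$admins = ['Admin@Example.com'];          // constructed sample
$submitted = 'admin+news@example.com';    // plus-tagged variant of the admin address
var_dump(matches_admin_weak($submitted, $admins));      // weak check misses it
var_dump(should_block_submission($submitted, $admins)); // hardened check blocks it
```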

Risks and Potential Impacts

Failing to address these vulnerabilities can lead to serious consequences for your website and business. The Cross-Site Scripting (XSS) vulnerability (CVE-2024-3926) can allow attackers to inject malicious scripts into your website, potentially compromising its integrity, stealing sensitive user data, or redirecting visitors to malicious websites.

The Form Submission Admin Email Bypass vulnerability (CVE-2024-3927) can enable attackers to flood your inbox with spam or conduct targeted phishing attacks, putting your personal and business information at risk.

How to Fix the Vulnerability

To protect your website from these vulnerabilities, it is crucial to update the Element Pack Elementor Addons plugin to version 5.6.4 or later, which includes patches for both issues. If you are unable to update the plugin immediately, consider deactivating it until you can apply the necessary updates.

Previous Vulnerabilities

It is worth noting that this is not the first time the Element Pack Elementor Addons plugin has faced security issues. Since February 2024, there have been 8 previous vulnerabilities discovered in the plugin. This underscores the importance of regularly monitoring and updating your WordPress plugins to ensure the ongoing security of your website.

The Importance of Staying Updated

As a small business owner, keeping your WordPress website secure may seem like a daunting task, especially when you have limited time and resources. However, neglecting website security can lead to far more significant problems down the line, such as data breaches, loss of customer trust, and damage to your brand's reputation.

By staying informed about potential vulnerabilities and taking proactive steps to update your plugins and maintain your website's security, you can protect your business and your customers from online threats. If you are unsure about how to proceed or need assistance with updating your website, consider reaching out to a professional web developer or security expert for guidance.

Security vulnerabilities like this one demonstrate the importance of having WordPress experts regularly monitor, maintain and update your site. At Your WP Guy, we offer ongoing management to handle updates, security monitoring, backups, uptime and support so you can stop worrying and get back to growing your business.

Let us fully audit your site to check for any signs of this vulnerability or other issues. We'll immediately update any out-of-date plugins and harden your site's security. Chat with us anytime during business hours, schedule a call or call 678-995-5169 to lock down your online presence.
