15 Vulnerabilities In 11 Elementor Addons Hit +3M WordPress Websites

Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that may make it attainable for hackers to add malicious recordsdata. One among them is rated as a excessive menace vulnerability as a result of it may well permit hackers to bypass entry controls, execute scripts and acquire delicate information.

Two Completely different Sorts Of Vulnerabilities

The vast majority of the vulnerabilities are Saved Cross Website Scripting (XSS). Three of them are Native File Inclusion.

XSS vulnerabilities are among the many commonest type of vulnerability present in WordPress plugins and themes. They often come up from flaws in how enter information is secured (enter sanitization) and likewise how output information is locked down (output escaping).

A Native File Inclusion vulnerability is one which exploits an unsecured consumer enter space that permits an attacker to “embody” a file into the enter. Embrace is a coding time period. In plain English a file inclusion is a scripting factor (a press release) that tells the web site so as to add a selected code from file, like a PHP file. I’ve used contains in PHP to usher in information from one file (just like the title of a webpage) and stick it into the meta description, that’s an instance of an embody.

This type of vulnerability generally is a critical menace as a result of it permits an attacker to “embody” a variety of code which in flip can result in the flexibility to bypass any restrictions on actions that may be carried out on the web site and/or permit entry to delicate information that’s usually restricted.

The Open Internet Software Safety Challenge (OWASP) defines a Native File Inclusion vulnerability:

“The File Inclusion vulnerability permits an attacker to incorporate a file, normally exploiting a “dynamic file inclusion” mechanisms applied within the goal utility. The vulnerability happens attributable to the usage of user-supplied enter with out correct validation.

This could result in one thing as outputting the contents of the file, however relying on the severity, it may well additionally result in:

Code execution on the net server

Code execution on the client-side equivalent to JavaScript which may result in different assaults equivalent to cross website scripting (XSS)

Denial of Service (DoS)

Delicate Info Disclosure”

Listing Of Susceptible Elementor Add-On Plugins

There are eleven complete Elementor add-on plugins which have vulnerability advisories, two of which had been issued at the moment (March twenty ninth), two of which had been issued on March twenty eighth. The remaining seven had been issued throughout the previous few days.

A few of the plugins have a couple of vulnerability in order that there are a complete of 15 vulnerabilities in eleven of the plugins.

Out of the eleven plugins one is rated as a Excessive Severity vulnerability and the remainder are Medium Severity.

Right here is the record of plugins listed in descending order of the newest to the earliest. The numbers subsequent to the vulnerabilities denote if they’ve a couple of vulnerability.

Listing of Susceptible Elementor Add-Ons

1. ElementsKit Elementor addons (x2)
2. Limitless Components For Elementor
3. 140+ Widgets | Greatest Addons For Elementor
4. Higher Elementor Addons
5. Elementor Addon Components (x2)
6. Grasp Addons for Elementor
7. The Plus Addons for Elementor (x2)
8. Important Addons for Elementor (x2)
9. Ingredient Pack Elementor Addons
10. Prime Slider – Addons For Elementor
11. Transfer Addons for Elementor

Excessive Severity Vulnerability

The Excessive Severity vulnerability is discovered within the ElementsKit Elementor Addons plugin for WordPress is particularly regarding as a result of it may well put over 1,000,000 web sites in peril. This vulnerability is rated 8.8 on a scale of 1- 10.

What accounts for its reputation is the all-in-one nature of the plugin that permits customers to simply modify just about any on-page design function within the headers, footers, and menus. It additionally features a huge template library and 85 widgets that add further performance to webpages created with the Elementor web site constructing platform.

The Wordfence safety researchers described the vulnerability menace:

“The ElementsKit Elementor addons plugin for WordPress is susceptible to Native File Inclusion in all variations as much as, and together with, 3.0.6 by way of the render_raw perform. This makes it attainable for authenticated attackers, with contributor-level entry and above, to incorporate and execute arbitrary recordsdata on the server, permitting the execution of any PHP code in these recordsdata. This can be utilized to bypass entry controls, get hold of delicate information, or obtain code execution in instances the place pictures and different “secure” file varieties might be uploaded and included.”

Thousands and thousands of WordPress Websites Affected

The vulnerabilities could have an effect on over 3 million web sites. Simply two of the plugins have a complete of three million lively installations. Web sites have a tendency to make use of simply one among these plugins as a result of there’s a specific amount of overlap between the options. The all-in-one nature of a few of these plugins implies that just one plugin is required with a purpose to entry vital widgets for including sliders, menus and different on-page components.

Listing of Susceptible Plugins By Quantity Of Installations

1. Important Addons for Elementor – 2 Million
2. ElementsKit Elementor addons – 1 Million
3. Limitless Components For Elementor – 200k
4. Elementor Addon Components – 100k
5. The Plus Addons for Elementor – 100k
6. Ingredient Pack Elementor Addons – 100k
7. Prime Slider – Addons For Elementor – 100k
8. Grasp Addons for Elementor – 40k
9. 140+ Widgets | Greatest Addons For Elementor – 10k
10. Transfer Addons for Elementor – 3k
11. Higher Elementor Addons – Unknown – Closed By WordPress

Really useful Motion

Though lots of the medium degree severity vulnerabilities require hackers to acquire contributor degree authentication with a purpose to launch an assault, it’s greatest to not underestimate the chance posed by different plugins or put in themes that may grant the attacker the flexibility to launch these particular assaults.

It’s usually prudent to check up to date themes earlier than pushing updates to a stay website.

Learn the official Wordfence advisories (with CVE numbers):

A. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1238

B. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Local File Inclusion in render_raw CVE-2024-2047 8.8 HIGH THREAT

03/29 Unlimited Elements For Elementor <= 1.5.96 – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link CVE-2024-0367

3/28 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2250

3/28 Better Elementor Addons <= 1.4.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via widget links CVE-2024-2280

A. Elementor Addon Elements <= 1.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2091

B. Elementor Addon Elements <= 1.13.2 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘Text Separator’ and ‘Image Compare’ Widget CVE-2024-2792

Master Addons for Elementor <= 2.0.5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Team Member Listing CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Clients Widget CVE-2024-2203

A. Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting ( by way of the countdown widget’s message parameter) CVE-2024-2623

B. Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting (by way of the alignment parameter within the Woo Product Carousel widget) CVE-2024-2650

Element Pack Elementor Addons <= 5.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via link CVE-2024-30185

Prime Slider – Addons For Elementor <= 3.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via title CVE-2024-30186

Move Addons for Elementor <= 1.2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2131

Featured Picture by Shutterstock/Andrey Myagkov