Tuesday, July 2, 2024

15 Vulnerabilities In 11 Elementor Addons Hit +3M WordPress Websites

Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that may make it possible for hackers to upload malicious files. One of them is rated as a high threat vulnerability because it can allow hackers to bypass access controls, execute scripts and obtain sensitive data.

Two Different Kinds Of Vulnerabilities

The majority of the vulnerabilities are Stored Cross Site Scripting (XSS). Three of them are Local File Inclusion.

XSS vulnerabilities are among the most common kind of vulnerability found in WordPress plugins and themes. They generally arise from flaws in how input data is secured (input sanitization) and also how output data is locked down (output escaping).

A Local File Inclusion vulnerability is one that exploits an unsecured user input area that allows an attacker to "include" a file into the input. Include is a coding term. In plain English a file inclusion is a scripting element (a statement) that tells the website to add a particular piece of code from a file, like a PHP file. I've used includes in PHP to bring in data from one file (like the title of a webpage) and stick it into the meta description; that's an example of an include.

This kind of vulnerability can be a serious threat because it allows an attacker to "include" a range of code which in turn can lead to the ability to bypass any restrictions on actions that can be performed on the website and/or allow access to sensitive data that is normally restricted.

The Open Web Application Security Project (OWASP) defines a Local File Inclusion vulnerability:
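To make the two flaw classes concrete, here is an added example (not code from the article or from any of the plugins it names) of a hypothetical widget render function in the vulnerable shape described above, beside a hardened version. `render_widget_vulnerable`, `render_widget_safe`, `ALLOWED_TEMPLATES` and the sample settings are all assumptions constructed for the illustration.

```php
<?php
// Added illustration, not code from any plugin named in this article: a
// hypothetical widget whose settings ($settings) come from a post that a
// contributor-level user can edit. The hardened version assumes a fixed set of
// template files shipped by the plugin itself.

// VULNERABLE: the 'template' setting builds an include path and the 'title'
// setting is echoed as-is. The first is Local File Inclusion (whatever PHP file
// the setting resolves to is executed); the second is stored XSS (the markup is
// saved with the post and served to every visitor).
function render_widget_vulnerable(array $settings, string $template_dir): string
{
    ob_start();
    echo '<h3>' . $settings['title'] . '</h3>';
    include $template_dir . '/' . $settings['template'] . '.php';
    return (string) ob_get_clean();
}

// HARDENED: map the setting to a file through an allowlist instead of trusting
// the string, and escape every stored value at output time. In WordPress,
// esc_html() / esc_attr() play the role htmlspecialchars() plays here.
const ALLOWED_TEMPLATES = ['grid' => 'grid.php', 'list' => 'list.php'];

function render_widget_safe(array $settings, string $template_dir): string
{
    $key = $settings['template'] ?? 'grid';
    if (!array_key_exists($key, ALLOWED_TEMPLATES)) {
        $key = 'grid'; // unknown value: fall back, never include it
    }
    $path  = $template_dir . '/' . ALLOWED_TEMPLATES[$key];
    $title = htmlspecialchars($settings['title'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');

    ob_start();
    echo '<h3>' . $title . '</h3>';
    if (is_file($path)) {
        include $path;
    }
    return (string) ob_get_clean();
}

// Constructed demo: one allowed template in a temporary directory, and settings
// that contain a value outside the allowlist plus markup in the title.
$dir = sys_get_temp_dir() . '/widget-templates-' . getmypid();
mkdir($dir);
file_put_contents($dir . '/grid.php', '<p>grid template</p>');
$settings = ['template' => 'not-in-allowlist', 'title' => '<b>Hello</b>'];
echo render_widget_safe($settings, $dir), PHP_EOL; // title escaped, grid.php used
unlink($dir . '/grid.php');
rmdir($dir);
```

The same pattern applies to every contributor-level advisory below: the fix is never to trust a saved widget setting, only a value derived from it through an allowlist or an escaping function.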

"The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanism implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

This can lead to something as outputting the contents of the file, but depending on the severity, it can also lead to:

Code execution on the web server

Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS)

Denial of Service (DoS)

Sensitive Information Disclosure"

List Of Vulnerable Elementor Add-On Plugins

There are eleven total Elementor add-on plugins that have vulnerability advisories, two of which were issued today (March 29th) and two of which were issued on March 28th. The remaining seven were issued within the past few days.

Some of the plugins have more than one vulnerability, so there are a total of 15 vulnerabilities across the eleven plugins.

Out of the eleven plugins, one is rated as a High Severity vulnerability and the rest are Medium Severity.

Here is the list of plugins, in descending order from the most recent advisory to the earliest. The number next to a plugin denotes that it has more than one vulnerability.

List of Vulnerable Elementor Add-Ons

  1. ElementsKit Elementor addons (x2)
  2. Unlimited Elements For Elementor
  3. 140+ Widgets | Best Addons For Elementor
  4. Better Elementor Addons
  5. Elementor Addon Elements (x2)
  6. Master Addons for Elementor
  7. The Plus Addons for Elementor (x2)
  8. Essential Addons for Elementor (x2)
  9. Element Pack Elementor Addons
  10. Prime Slider – Addons For Elementor
  11. Move Addons for Elementor

High Severity Vulnerability

The High Severity vulnerability, found in the ElementsKit Elementor Addons plugin for WordPress, is particularly concerning because it can put over a million websites at risk. This vulnerability is rated 8.8 on a scale of 1 to 10.

What accounts for its popularity is the all-in-one nature of the plugin, which allows users to easily modify virtually any on-page design feature in the headers, footers, and menus. It also includes a vast template library and 85 widgets that add additional functionality to webpages created with the Elementor website building platform.

The Wordfence security researchers described the vulnerability threat:

"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included."

Millions of WordPress Sites Affected

The vulnerabilities could affect over 3 million websites. Just two of the plugins have a total of 3 million active installations. Websites tend to use just one of these plugins because there is a certain amount of overlap between the features. The all-in-one nature of some of these plugins means that only one plugin is needed in order to access important widgets for adding sliders, menus and other on-page elements.

List of Vulnerable Plugins By Number Of Installations

  1. Essential Addons for Elementor – 2 Million
  2. ElementsKit Elementor addons – 1 Million
  3. Unlimited Elements For Elementor – 200k
  4. Elementor Addon Elements – 100k
  5. The Plus Addons for Elementor – 100k
  6. Element Pack Elementor Addons – 100k
  7. Prime Slider – Addons For Elementor – 100k
  8. Master Addons for Elementor – 40k
  9. 140+ Widgets | Best Addons For Elementor – 10k
  10. Move Addons for Elementor – 3k
  11. Better Elementor Addons – Unknown – Closed By WordPress

Recommended Action

Although many of the medium severity vulnerabilities require hackers to obtain contributor-level authentication in order to launch an attack, it's best not to underestimate the risk posed by other plugins or installed themes that may grant the attacker the ability to launch these specific attacks.

It's generally prudent to test updated themes before pushing updates to a live site.

Read the official Wordfence advisories (with CVE numbers):

A. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1238

B. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Local File Inclusion in render_raw CVE-2024-2047 8.8 HIGH THREAT

03/29 Unlimited Elements For Elementor <= 1.5.96 – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link CVE-2024-0367

3/28 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2250

3/28 Better Elementor Addons <= 1.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via widget links CVE-2024-2280

A. Elementor Addon Elements <= 1.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2091

B. Elementor Addon Elements <= 1.13.2 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget CVE-2024-2792

Master Addons for Elementor <= 2.0.5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Team Member Listing CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Clients Widget CVE-2024-2203

A. Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting (via the countdown widget's message parameter) CVE-2024-2623

B. Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting (via the alignment parameter in the Woo Product Carousel widget) CVE-2024-2650

Element Pack Elementor Addons <= 5.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via link CVE-2024-30185

Prime Slider – Addons For Elementor <= 3.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via title CVE-2024-30186

Move Addons for Elementor <= 1.2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2131

Featured Image by Shutterstock/Andrey Myagkov
