15 Vulnerabilities In 11 Elementor Addons Hit +3M WordPress Websites

Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that may make it potential for hackers to add malicious recordsdata. Certainly one of them is rated as a excessive risk vulnerability as a result of it could enable hackers to bypass entry controls, execute scripts and procure delicate information.

Two Completely different Varieties Of Vulnerabilities

Nearly all of the vulnerabilities are Saved Cross Web site Scripting (XSS). Three of them are Native File Inclusion.

XSS vulnerabilities are among the many commonest type of vulnerability present in WordPress plugins and themes. They often come up from flaws in how enter information is secured (enter sanitization) and in addition how output information is locked down (output escaping).

A Native File Inclusion vulnerability is one which exploits an unsecured person enter space that permits an attacker to “embrace” a file into the enter. Embody is a coding time period. In plain English a file inclusion is a scripting factor (a press release) that tells the web site so as to add a selected code from file, like a PHP file. I’ve used contains in PHP to herald information from one file (just like the title of a webpage) and stick it into the meta description, that’s an instance of an embrace.

This sort of vulnerability could be a critical risk as a result of it permits an attacker to “embrace” a variety of code which in flip can result in the power to bypass any restrictions on actions that may be carried out on the web site and/or enable entry to delicate information that’s usually restricted.

The Open Net Utility Safety Challenge (OWASP) defines a Native File Inclusion vulnerability:

“The File Inclusion vulnerability permits an attacker to incorporate a file, normally exploiting a “dynamic file inclusion” mechanisms applied within the goal software. The vulnerability happens attributable to using user-supplied enter with out correct validation.

This will result in one thing as outputting the contents of the file, however relying on the severity, it could additionally result in:

Code execution on the internet server

Code execution on the client-side similar to JavaScript which might result in different assaults similar to cross website scripting (XSS)

Denial of Service (DoS)

Delicate Data Disclosure”

Listing Of Weak Elementor Add-On Plugins

There are eleven complete Elementor add-on plugins which have vulnerability advisories, two of which had been issued at this time (March twenty ninth), two of which had been issued on March twenty eighth. The remaining seven had been issued throughout the previous few days.

A number of the plugins have a couple of vulnerability in order that there are a complete of 15 vulnerabilities in eleven of the plugins.

Out of the eleven plugins one is rated as a Excessive Severity vulnerability and the remaining are Medium Severity.

Right here is the checklist of plugins listed in descending order of the newest to the earliest. The numbers subsequent to the vulnerabilities denote if they’ve a couple of vulnerability.

Listing of Weak Elementor Add-Ons

ElementsKit Elementor addons (x2)
Limitless Parts For Elementor
140+ Widgets | Greatest Addons For Elementor
Higher Elementor Addons
Elementor Addon Parts (x2)
Grasp Addons for Elementor
The Plus Addons for Elementor (x2)
Important Addons for Elementor (x2)
Factor Pack Elementor Addons
Prime Slider – Addons For Elementor
Transfer Addons for Elementor

Excessive Severity Vulnerability

The Excessive Severity vulnerability is discovered within the ElementsKit Elementor Addons plugin for WordPress is very regarding as a result of it could put over one million web sites in peril. This vulnerability is rated 8.8 on a scale of 1- 10.

What accounts for its reputation is the all-in-one nature of the plugin that permits customers to simply modify nearly any on-page design characteristic within the headers, footers, and menus. It additionally features a huge template library and 85 widgets that add further performance to webpages created with the Elementor web site constructing platform.

The Wordfence safety researchers described the vulnerability risk:

“The ElementsKit Elementor addons plugin for WordPress is weak to Native File Inclusion in all variations as much as, and together with, 3.0.6 through the render_raw operate. This makes it potential for authenticated attackers, with contributor-level entry and above, to incorporate and execute arbitrary recordsdata on the server, permitting the execution of any PHP code in these recordsdata. This can be utilized to bypass entry controls, get hold of delicate information, or obtain code execution in circumstances the place photos and different “secure” file sorts will be uploaded and included.”

Hundreds of thousands of WordPress Websites Affected

The vulnerabilities might have an effect on over 3 million web sites. Simply two of the plugins have a complete of three million lively installations. Web sites have a tendency to make use of simply one among these plugins as a result of there’s a certain quantity of overlap between the options. The all-in-one nature of a few of these plugins signifies that just one plugin is required in an effort to entry necessary widgets for including sliders, menus and different on-page parts.

Listing of Weak Plugins By Quantity Of Installations

Important Addons for Elementor – 2 Million
ElementsKit Elementor addons – 1 Million
Limitless Parts For Elementor – 200k
Elementor Addon Parts – 100k
The Plus Addons for Elementor – 100k
Factor Pack Elementor Addons – 100k
Prime Slider – Addons For Elementor – 100k
Grasp Addons for Elementor – 40k
140+ Widgets | Greatest Addons For Elementor – 10k
Transfer Addons for Elementor – 3k
Higher Elementor Addons – Unknown – Closed By WordPress

Really useful Motion

Though most of the medium degree severity vulnerabilities require hackers to acquire contributor degree authentication in an effort to launch an assault, it’s greatest to not underestimate the danger posed by different plugins or put in themes that may grant the attacker the power to launch these particular assaults.

It’s typically prudent to check up to date themes earlier than pushing updates to a stay website.

Learn the official Wordfence advisories (with CVE numbers):

A. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Saved Cross-Web site Scripting CVE-2024-1238

B. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Native File Inclusion in render_raw CVE-2024-2047 8.8 HIGH THREAT

03/29 Limitless Parts For Elementor <= 1.5.96 – Authenticated (Contributor+) Saved Cross-Web site Scripting through Widget Hyperlink CVE-2024-0367

3/28 140+ Widgets | Greatest Addons For Elementor – FREE <= 1.4.2 – Authenticated (Contributor+) Saved Cross-Web site Scripting CVE-2024-2250

3/28 Higher Elementor Addons <= 1.4.1 – Authenticated(Contributor+) Saved Cross-Web site Scripting through widget hyperlinks CVE-2024-2280

A. Elementor Addon Parts <= 1.13.1 – Authenticated (Contributor+) Saved Cross-Web site Scripting CVE-2024-2091

B. Elementor Addon Parts <= 1.13.2 – Authenticated (Contributor+) DOM-Primarily based Saved Cross-Web site Scripting through ‘Textual content Separator’ and ‘Picture Examine’ Widget CVE-2024-2792

Grasp Addons for Elementor <= 2.0.5.6 – Authenticated (Contributor+) Saved Cross-Web site Scripting through Pricing Desk Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Native File Inclusion through Crew Member Itemizing CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Native File Inclusion through Shoppers Widget CVE-2024-2203