Arbitrary File Read Vulnerability in The Plus Addons for Elementor WordPress Plugin
CVE-2021-4332
Key Information:
- Vendor: WordPress
- CVE Published: 7 March 2023
Summary
The Plus Addons for Elementor plugin lets users add an 'Info Box' widget to pages built with Elementor. Versions up to and including 4.1.9 (pro) and 2.0.6 (free) are vulnerable to authenticated arbitrary file read: the widget hands a user-controlled file reference to PHP's file_get_contents() without validating that the referenced file is actually an SVG. Any account that can use the Elementor page builder, including contributor-level users, can therefore read sensitive files from the WordPress installation, for example wp-config.php.
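To make the root cause concrete, here is an added, illustrative PHP example that contrasts the vulnerable pattern described above with a hardened one. It is not the plugin's own code; the function names (tp_render_icon_vulnerable, tp_render_icon_hardened) and the setting keys (icon_svg, icon_svg_id) are hypothetical. The WordPress functions it calls (absint, get_post_mime_type, get_attached_file, wp_get_upload_dir) are real core APIs.

```php
<?php
// Added example, not code from The Plus Addons for Elementor.
// Function names and the $settings keys are hypothetical.

// Vulnerable pattern: a file reference taken from the widget settings goes
// straight into file_get_contents(). Nothing checks that it names an SVG,
// so a contributor can point it at ../../../../wp-config.php or /etc/passwd
// and have the file contents inlined into the page.
function tp_render_icon_vulnerable( array $settings ) {
    $path = $settings['icon_svg'];     // controlled by anyone who can edit with Elementor
    return file_get_contents( $path ); // arbitrary file read
}

// Hardened pattern: accept an attachment ID rather than a path, confirm the
// attachment is an SVG, confirm the resolved file lives inside the uploads
// directory, and confirm the bytes actually look like an SVG document.
function tp_render_icon_hardened( array $settings ) {
    $attachment_id = isset( $settings['icon_svg_id'] ) ? absint( $settings['icon_svg_id'] ) : 0;
    if ( 0 === $attachment_id ) {
        return '';
    }

    // MIME type recorded at upload time must be SVG.
    if ( 'image/svg+xml' !== get_post_mime_type( $attachment_id ) ) {
        return '';
    }

    // Resolve the attachment to a real path and pin it under wp-content/uploads.
    $file    = get_attached_file( $attachment_id );
    $real    = $file ? realpath( $file ) : false;
    $uploads = wp_get_upload_dir();
    $base    = realpath( $uploads['basedir'] );
    if ( false === $real || false === $base
        || 0 !== strpos( $real, $base . DIRECTORY_SEPARATOR ) ) {
        return ''; // symlink or traversal escaped the uploads directory
    }

    // Extension check is cheap but not sufficient on its own.
    if ( 'svg' !== strtolower( pathinfo( $real, PATHINFO_EXTENSION ) ) ) {
        return '';
    }

    $svg = file_get_contents( $real );
    // Refuse to inline anything that does not contain an <svg> root element.
    if ( false === $svg || false === stripos( $svg, '<svg' ) ) {
        return '';
    }

    // Caller should still sanitise the SVG (e.g. strip <script>) before echoing it.
    return $svg;
}
```

The hardened version removes the attacker's ability to choose a path at all: the only input is an integer attachment ID, and every derived value (MIME type, path, extension, content) is checked before the read. Note that WordPress does not allow SVG uploads by default, so in a real deployment the attachment check also depends on how SVG support was enabled.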
Affected Version(s)
- The Plus Addons for Elementor (free) <= 2.0.6
- The Plus Addons for Elementor (pro) <= 4.1.9
Timeline
- Vulnerability published: 7 March 2023