Elementor Plugin Vulnerable to PHP Object Injection
CVE-2024-3018

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Vendor: CVE Published:; 30 March 2024

Summary

The Essential Addons for Elementor plugin, utilized in WordPress environments, is susceptible to a PHP Object Injection vulnerability that affects all versions up to and including 5.9.13. The issue arises from the insecure deserialization of untrusted input within the 'error_resetpassword' attribute in the 'Login | Register Form' widget, which is disabled by default. Authenticated attackers with author-level access can exploit this vulnerability to inject a malicious PHP object. If a vulnerable chain of PHP Object Pop (POP) is present due to additional plugins or themes, potential consequences include the ability to delete arbitrary system files, leak sensitive information, or execute unauthorized code, further compromising the target system's security.

Affected Version(s)

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders * <= 5.9.13

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3060417/esse...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Ngô Thiên An