CVE-2024-5348
CVE-2024-5348 is a Local File Inclusion (LFI) vulnerability in the Elements For Elementor WordPress plugin. This vulnerability, affecting versions up to 2.1, allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. Attackers can exploit this by manipulating attributes like 'beforeafter_layout', 'eventsgrid_layout', and others within various widgets to include malicious files.
The vulnerability poses a significant risk because it can lead to the execution of arbitrary PHP code, enabling attackers to bypass access controls, steal sensitive data, or achieve remote code execution if they can upload and include "safe" file types. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate level of risk based on real-world exploitability; although not critical, it should still be addressed. This makes CVE-2024-5348 a serious concern for websites using the vulnerable plugin and requires immediate patching to prevent potential compromise. This vulnerability could also be used to escalate privileges within the WordPress environment.
Description:
CVE-2024-5348 is a Local File Inclusion (LFI) vulnerability in the Elements For Elementor plugin for WordPress. It allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server, potentially leading to sensitive data exposure, access control bypass, or code execution.
Key Insights:
- High Severity: The CVSS score of 8.8 indicates a high-severity vulnerability, requiring immediate attention.
- SVRS of 30: The SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a moderate risk, highlighting the need for proactive monitoring and mitigation.
- Authenticated Attackers: The vulnerability can be exploited by authenticated attackers with Contributor-level access or higher, making it accessible to a wide range of potential attackers.
Mitigation Strategies:
- Update Plugin: Update the Elements For Elementor plugin to version 2.2 or later to address the vulnerability.
- Restrict Access: Limit the ability to set the plugin's vulnerable attributes to authorized users with a higher level of privilege.
- Monitor Logs: Monitor server logs for any suspicious activity or attempts to exploit the vulnerability.
- Implement Web Application Firewall (WAF): Configure a WAF to block malicious requests that attempt to exploit the LFI vulnerability.
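The allowlist-plus-containment pattern behind the "Update Plugin" and "Restrict Access" items above, and the value check a WAF rule or log review would apply to the submitted layout attributes, as an added example. This is not the plugin's code (the plugin is PHP and the same pattern applies there around include()); the allowed layout values, the template directory and the stand-in wp-config.php are constructed for the demo, and only the attribute names come from the advisory.

```python
"""Added example (not the plugin's code): allowlisted layout resolution
and a value check for the layout attributes an LFI fix must guard."""
import os
import re
import tempfile
from typing import Optional
from urllib.parse import unquote_plus

# Constructed allowlist. Assumption: each widget ships a fixed set of layout
# templates; the attribute names come from the advisory, the values do not.
ALLOWED_LAYOUTS = {
    "beforeafter_layout": {"default", "vertical"},
    "eventsgrid_layout": {"grid", "list"},
}


def resolve_layout_unsafe(template_dir: str, layout: str) -> str:
    """The defective pattern: a user-controlled attribute is joined straight
    into the path of the file that will be included, so '..' survives."""
    return os.path.normpath(os.path.join(template_dir, layout + ".php"))


def resolve_layout_safe(template_dir: str, attribute: str, layout: str) -> str:
    """Hardened pattern: exact-match allowlist first, then a realpath
    containment check as defence in depth (covers symlinks and '..')."""
    allowed = ALLOWED_LAYOUTS.get(attribute)
    if allowed is None or layout not in allowed:
        raise ValueError(f"{attribute}={layout!r} is not an allowed layout")
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, layout + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the template directory")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


def classify_layout_value(raw: str) -> Optional[str]:
    """Return a reason string when a submitted layout value should be logged
    or blocked (WAF rule / log review), or None when it looks legitimate.
    Decodes twice so single- and double-URL-encoded values normalise alike."""
    decoded = unquote_plus(unquote_plus(raw))
    if "\x00" in decoded:
        return "null-byte"
    if "../" in decoded or "..\\" in decoded:
        return "path-traversal"
    if decoded.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:[\\/]", decoded):
        return "absolute-path"
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", decoded):
        return "stream-wrapper"
    if re.fullmatch(r"[A-Za-z0-9_-]{1,64}", decoded) is None:
        return "unexpected-characters"
    return None


def demo() -> dict:
    """Build a throwaway template tree and show that the unsafe resolver
    walks out of it while the safe one refuses. Returns the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        tpl = os.path.join(tmp, "templates")
        os.mkdir(tpl)
        for name in ("default", "vertical"):
            with open(os.path.join(tpl, name + ".php"), "w") as fh:
                fh.write("<?php // constructed placeholder template\n")
        # Constructed stand-in for a sensitive file one level above the templates.
        outside = os.path.join(tmp, "wp-config.php")
        with open(outside, "w") as fh:
            fh.write("<?php // constructed\n")

        unsafe = resolve_layout_unsafe(tpl, "../wp-config")
        safe = resolve_layout_safe(tpl, "beforeafter_layout", "default")
        try:
            resolve_layout_safe(tpl, "beforeafter_layout", "../wp-config")
            rejected = False
        except ValueError:
            rejected = True
        return {
            "unsafe_escapes": unsafe == outside and os.path.isfile(unsafe),
            "safe_resolves": safe == os.path.realpath(os.path.join(tpl, "default.php")),
            "traversal_rejected": rejected,
        }


if __name__ == "__main__":
    print(demo())
    for value in ("default", "..%2Fwp-config", "custom://x"):
        print(value, "->", classify_layout_value(value))
```

The allowlist is the actual fix; the realpath containment check only exists so that a future template name or a symlink cannot silently reopen the hole. classify_layout_value is deliberately strict in the other direction: anything that is not a short identifier is reported with a reason, which is what a WAF rule or a log-review script needs in order to alert rather than just drop the request.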
Additional Information:
- Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
- Exploit Status: Active exploits have not been published.
- CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
- In the Wild: The vulnerability is not known to be actively exploited in the wild.
If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.