CVE-2024-2923 in Magical Addons for Elementor Plugin
Summary
by MITRE • 05/14/2024
The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/31/2025
The vulnerable plugin Magical Addons For Elementor represents a critical security flaw within the WordPress ecosystem that affects multiple core components including Header Footer Builder, Free Elementor Widgets, and Elementor Templates Library. This vulnerability manifests as a stored cross-site scripting issue that exists in all versions up to and including 1.1.37, creating a persistent threat vector that can compromise user sessions and execute malicious code within the context of affected websites. The attack surface is particularly concerning given that the vulnerability requires only contributor-level access or higher, making it accessible to users who typically have limited administrative privileges but can still manipulate content through the Elementor page builder interface.
The technical root cause of this vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's text effect widget functionality. When users with sufficient privileges create or modify content using the affected widget, the plugin fails to properly validate or sanitize user-supplied attributes before storing them in the database. This stored data is then subsequently retrieved and displayed on web pages without proper escaping, creating an environment where malicious scripts can be permanently embedded within the website's content. The flaw directly aligns with CWE-79, which describes Cross-Site Scripting vulnerabilities resulting from insufficient output escaping, and represents a classic case of stored XSS where the malicious payload persists in the server's database rather than being executed only during a single request.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the ability to manipulate website content and potentially compromise user sessions. Authenticated attackers with contributor-level access can inject malicious JavaScript code that will execute whenever any user accesses pages containing the injected content, potentially leading to session hijacking, data exfiltration, or further privilege escalation attempts. The persistent nature of stored XSS means that the attack remains effective until the malicious content is manually removed from the database, and the vulnerability affects all users who access pages containing the compromised content, regardless of their authentication status. This makes the vulnerability particularly dangerous in environments where multiple users with varying privilege levels interact with the same content management system.
Security mitigation strategies for this vulnerability should prioritize immediate plugin updates to versions that address the sanitization and escaping issues, as well as implementing comprehensive input validation and output escaping mechanisms. Organizations should conduct thorough security audits of their WordPress installations to identify and remediate similar vulnerabilities across other plugins and themes. The ATT&CK framework categorizes this type of vulnerability under T1190 - Exploit Public-Facing Application, highlighting the importance of maintaining up-to-date software and implementing proper access controls. Additionally, administrators should consider implementing content security policies and regular security monitoring to detect and respond to potential exploitation attempts, while also ensuring that user privileges are properly restricted to minimize the potential impact of such vulnerabilities.