Element Pack Addons for Elementor Blind Server-Side Request Forgery Vulnerability

A Blind Server-Side Request Forgery (SSRF) vulnerability has been identified in the Element Pack Addons for Elementor plugin for WordPress, affecting all versions through 8.2.5. The vulnerability arises in the wp_ajax_import_elementor_template action, allowing authenticated attackers with Subscriber-level access and above to send web requests to arbitrary locations. This could be exploited to query and modify information from internal services.

Impact

Exploitation of this vulnerability could lead to unauthorized web requests being made from the WordPress application to internal services, potentially allowing attackers to access or modify sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the wp_ajax_import_elementor_template action. This request can include a URL that the server will fetch, effectively allowing the user to make requests to internal services from the server's perspective.

Remediation

Users are advised to update the Element Pack Addons for Elementor plugin to version 8.2.6 or a newer patched version.