The Essential Addons for Elementor plugin for WordPress, which has a huge user base, is a powerful suite of features and integrations used to create advanced page layouts with ease. Unfortunately, the plugin is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1. This issue is directly related to the plugin adding the MailChimp API key to the source code of any page running the MailChimp block. As a result, an unauthenticated attacker can easily access the site's MailChimp API key.

Original References

1. https://wordpress.org/plugins/essential-addons-for-elementor-lite/
2. https://www.wpdeveloper.net/essential-addons-elementor/

Code Snippet

To better understand the vulnerability, let's take a look at a code snippet that explains the process of API key disclosure.

// In the plugin's files, such as "essential-addons-elementor.php"
// Reads the stored MailChimp key and writes it into an inline <script> tag in the
// page footer, so it ends up in the HTML served to every visitor, logged in or not.
function add_api_key_to_source_code() {
    $api_key = get_option('ea_mailchimp_api_key');
    echo '<script>var mailchimp_api_key = "' . esc_js($api_key) . '";</script>';
}
// The wp_footer hook fires on every front-end page load.
add_action('wp_footer', 'add_api_key_to_source_code');

As seen in the code snippet above, the add_api_key_to_source_code() function adds the MailChimp API key to the footer of each page running the MailChimp block. This exposes the API key to anyone who can view the page's source code, even if they are not logged in.
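For contrast, here is an added example (not the plugin's own code) of the same feature built so the key never reaches the browser: the page only receives a nonce and the admin-ajax URL, and a server-side handler talks to MailChimp. The function names, the script handle and the ea_example_mailchimp_list_id option are assumptions; the ea_mailchimp_api_key option name is taken from the snippet above.

```php
<?php
// Added example, not from the plugin: keep the MailChimp key server-side and let the
// browser call a nonce-protected admin-ajax action instead of reading the key from HTML.

// 1. Expose only a nonce and the AJAX URL to the page, never the API key.
function ea_example_enqueue_subscribe_script() {
    wp_enqueue_script( 'ea-example-subscribe', plugins_url( 'subscribe.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'ea-example-subscribe', 'eaSubscribe', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'ea_example_subscribe' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'ea_example_enqueue_subscribe_script' );

// 2. Server-side handler: checks the nonce and input, then calls MailChimp itself.
function ea_example_handle_subscribe() {
    check_ajax_referer( 'ea_example_subscribe', 'nonce' );

    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
    }

    $api_key = get_option( 'ea_mailchimp_api_key' );           // option name from the snippet above
    $list_id = get_option( 'ea_example_mailchimp_list_id' );   // hypothetical option name
    if ( empty( $api_key ) || empty( $list_id ) || strpos( $api_key, '-' ) === false ) {
        wp_send_json_error( array( 'message' => 'Newsletter is not configured.' ), 500 );
    }

    // MailChimp keys end in "-<datacenter>"; that suffix selects the API host.
    $dc       = substr( strrchr( $api_key, '-' ), 1 );
    $endpoint = 'https://' . $dc . '.api.mailchimp.com/3.0/lists/' . rawurlencode( $list_id ) . '/members';

    $response = wp_remote_post( $endpoint, array(
        'timeout' => 10,
        'headers' => array(
            'Authorization' => 'Basic ' . base64_encode( 'anystring:' . $api_key ),
            'Content-Type'  => 'application/json',
        ),
        'body'    => wp_json_encode( array( 'email_address' => $email, 'status' => 'pending' ) ),
    ) );

    if ( is_wp_error( $response ) || wp_remote_retrieve_response_code( $response ) >= 400 ) {
        // Report a generic failure; do not relay MailChimp's raw response to the visitor.
        wp_send_json_error( array( 'message' => 'Subscription failed.' ), 502 );
    }
    wp_send_json_success( array( 'message' => 'Please confirm your subscription by email.' ) );
}
add_action( 'wp_ajax_ea_example_subscribe', 'ea_example_handle_subscribe' );
add_action( 'wp_ajax_nopriv_ea_example_subscribe', 'ea_example_handle_subscribe' );
```

The page's JavaScript posts `action=ea_example_subscribe`, the email and the nonce to `eaSubscribe.ajaxUrl`; the only secret-bearing request is the server-to-MailChimp call.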

Exploit Details

Attackers can exploit this vulnerability by visiting a page with the MailChimp block enabled and viewing the source code (right-click and select "View Page Source" or equivalent in your browser). An unauthenticated attacker can search for the "mailchimp_api_key" variable and extract the API key.

Affected Users

This vulnerability affects sites running the premium version of the Essential Addons for Elementor plugin with the MailChimp block enabled on a page.

Mitigation Actions

1. Update the Essential Addons for Elementor plugin to version 5.8.2 or later, which includes a patch for this vulnerability.
2. If you are running a vulnerable version of the plugin with the MailChimp block enabled, we recommend resetting your MailChimp API key as it may have been compromised.
3. Review and monitor usage of your MailChimp API key, especially for any unauthorized or suspicious activity.

Conclusion

It's essential to keep your WordPress plugins updated and follow best security practices to ensure the safety of your site and user data. In this case, updating the Essential Addons for Elementor plugin to the latest version and resetting your MailChimp API key will help mitigate the risk of unauthenticated API key disclosure. Stay vigilant and protect your online presence.

Timeline

Published on: 07/20/2023 06:15:00 UTC
Last modified on: 07/28/2023 15:41:00 UTC