CVE-2024-9935
Published 2024-11-16
Priority: P262 | Severity: high | CVSS 3.1: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 7.49% (93.7th percentile)
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redefiningtheweb | pdf_generator_for_wordpress_elementor | <= 2.0.0 | — |
Detection & IOCs (extracted from sources)
url: /elementor-84/?rtw_generate_pdf=true&rtw_pdf_file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
yara:

    rule CVE_2024_9935_path_traversal {
        strings:
            $param1 = "rtw_generate_pdf=true"
            $param2 = "rtw_pdf_file="
            $traversal = "..%2f"
        condition:
            $param1 and $param2 and $traversal
    }

- Detect exploitation attempts by monitoring HTTP requests containing both 'rtw_generate_pdf=true' and 'rtw_pdf_file=' query parameters, especially with path traversal sequences (../ or URL-encoded variants like ..%2f).
- Responses to exploit attempts will have Content-Type 'application/pdf' and HTTP 200 status, while the body contains the contents of the traversed file (e.g., matching 'root:.*:0:0:' for /etc/passwd).
- Fingerprint vulnerable WordPress installations by checking page bodies for the plugin path string 'wp-content/plugins/pdf-generator-addon-for-elementor-page-builder'.
- The vulnerable function is rtw_pgaepb_dwnld_pdf() at line 133 of the plugin's public class file; no authentication is required to trigger it.
- The NVD entry lists the vulnerable version range as up to and including 2.0.0, while the Nuclei template and Wordfence advisory reference 1.7.5 as the upper bound. Detection rules should account for both version ranges.
- CVE-2025-24569 may be a duplicate of this issue; correlate alerts from both CVEs to avoid double-counting incidents.
- The Nuclei template uses a two-step flow: first confirming plugin presence on the target, then sending the traversal payload. Single-request detections may miss the prerequisite fingerprinting step.
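The request-side indicators listed above, written as an access-log check (an added example, not code from the advisory, the plugin or the Nuclei template). It assumes combined-format access logs; the function names and sample lines are constructed for illustration, and it goes slightly beyond the listed variants by decoding repeatedly so double-encoded and upper-case sequences are also caught.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# A parent-directory step with either slash style, checked after decoding.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Request target and status in a combined-format log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2024:10:00:01 +0000] "GET /elementor-84/'
    '?rtw_generate_pdf=true&rtw_pdf_file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1432',
    '203.0.113.8 - - [16/Nov/2024:10:00:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Nov/2024:10:00:03 +0000] "GET /elementor-84/'
    '?rtw_generate_pdf=true&rtw_pdf_file=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 310',
    '203.0.113.9 - - [16/Nov/2024:10:00:04 +0000] "GET /elementor-84/'
    '?rtw_generate_pdf=true&rtw_pdf_file=invoice.pdf HTTP/1.1" 200 20480',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so ..%2F and ..%252f both become ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return 'traversal', 'plugin-param' or None for one request target."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "true" not in query.get("rtw_generate_pdf", []) or "rtw_pdf_file" not in query:
        return None
    files = [fully_decode(v) for v in query["rtw_pdf_file"]]
    return "traversal" if any(TRAVERSAL.search(f) for f in files) else "plugin-param"

def scan_log(lines):
    """Return (line number, HTTP status, verdict) for each matching request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((lineno, int(match.group(2)), verdict))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A `traversal` verdict paired with status 200 is the case to triage first, since that matches the response indicator listed above.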
Nuclei
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download
nuclei·CVSS 7.5
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Template:

    id: CVE-2024-9935
    info:
      name: PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download
      author: s4e-io
      severity: high
      description: |
        The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possib
- https://plugins.trac.wordpress.org/browser/pdf-generator-addon-for-elementor-page-builder/trunk/public/class-pdf-generator-addon-for-elementor-page-builder-public.php#L133
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197343%40pdf-generator-addon-for-elementor-page-builder&new=3197343%40pdf-generator-addon-for-elementor-page-builder&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/36daf2af-1db3-4b35-8849-480212660b2f?source=cve
Published: 2024-11-16