Elementor Pro Plugin for WordPress Targeted by High-Risk Vulnerability Attacks

Attacks on high-risk vulnerability in WordPress plugin Elementor Pro

A high-risk vulnerability in the WordPress plugin Elementor Pro is being exploited by attackers to gain administrative access to WordPress sites. Elementor is installed on more than 5 million WordPress sites, but only installations that run the Pro version together with the WooCommerce plugin are affected.

According to IT researchers at Patchstack, the recently discovered and patched vulnerability in Elementor Pro is now under active attack. Attackers can gain full control of vulnerable systems: any authenticated user, even one with the lowest privileges, can ultimately create an administrator account. Because WooCommerce lets every site visitor register a customer account, anyone can obtain the login needed to abuse the vulnerability.

If WooCommerce is active on the WordPress instance, Elementor Pro loads the component elementor-pro/modules/woocommerce/module.php, which registers several Ajax actions. One of them neither adequately validates user input nor restricts the action to highly privileged users. A few further shortcomings allow the remaining protective measures to be bypassed in the vulnerable version.
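To make the two missing controls concrete, here is an added, hypothetical WordPress Ajax handler that saves a setting, shown first in the flawed pattern and then hardened. It is an illustration written for this page, not Elementor Pro's code, and it assumes WordPress is loaded; the action name `demo_save_setting`, the option names and the nonce name are invented.

```php
<?php
// Hypothetical illustration for this article, not Elementor Pro's code.
// Assumes WordPress is loaded (add_action, update_option, etc. come from core).

// VULNERABLE PATTERN: the wp_ajax_{action} hook fires for every logged-in
// user regardless of role, and the option name comes straight from the request.
add_action( 'wp_ajax_demo_save_setting', 'demo_save_setting_vulnerable' );
function demo_save_setting_vulnerable() {
    $name  = $_POST['option'] ?? '';
    $value = $_POST['value'] ?? '';
    update_option( $name, $value );   // arbitrary write to wp_options by any account
    wp_send_json_success();
}

// HARDENED PATTERN: nonce (CSRF), capability (authorization), allowlisted
// and sanitized input. Each check alone is insufficient; all three are needed.
add_action( 'wp_ajax_demo_save_setting', 'demo_save_setting_hardened' );
function demo_save_setting_hardened() {
    // 1. The request must carry a nonce issued for exactly this action.
    check_ajax_referer( 'demo_save_setting', 'nonce' );

    // 2. Require the capability the action actually needs, not merely "logged in".
    //    A WooCommerce "customer" account fails this check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Only options this feature owns may be written, each with its own sanitizer.
    $allowed = array(
        'demo_shop_title'     => 'sanitize_text_field',
        'demo_items_per_page' => 'absint',
    );
    $name = isset( $_POST['option'] ) ? sanitize_key( $_POST['option'] ) : '';
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = call_user_func( $allowed[ $name ], wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success();
}
```

The `wp_ajax_{action}` hook alone is not an access control: it runs for any authenticated session, which is why a self-registered WooCommerce customer can reach such a handler. No `wp_ajax_nopriv_` hook is registered above, so anonymous visitors still cannot; the capability check is what keeps low-privileged accounts out.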

Patchstack's researchers rate the risk as high (CVSS 8.8). The vulnerability is present in Elementor Pro prior to version 3.11.7; the current release is 3.12.0. Administrators of WordPress sites running Elementor Pro together with WooCommerce should immediately check whether they are on version 3.11.7 or newer and update if not. Updating closes the hole but does not undo what an attacker may already have done, so a check for unexpected administrator accounts and uploaded files should follow.

Patchstack suggests that after a successful attack, attackers “probably either switch the website to another malicious domain, or upload a malicious plugin or backdoor to further infiltrate the site.” The researchers also list some Indicators of Compromise (IOCs), i.e. traces pointing to an attack. Among them are attacks originating from the IP addresses 193.169.194.63, 193.169.195.64, and 194.135.30.6, and the files wp-resortpack.zip, wp-rate.php, and lll.zip, which the attackers uploaded.
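The version check and the IOC hunt above can be scripted. The following stand-alone PHP command-line script is an added example for this page, not code from Patchstack or Elementor: it compares an Elementor Pro version string against the fixed release 3.11.7 and scans web-server log lines and a file listing for the IOC addresses and filenames the article lists. The log lines, the file paths and the plugin header are constructed sample data; the function names are invented.

```php
<?php
// Added triage example for the article above; not Patchstack's or Elementor's code.
// Sample inputs below are constructed and do not come from any real site.

const ELEMENTOR_PRO_FIXED_VERSION = '3.11.7';
const IOC_IPS   = array( '193.169.194.63', '193.169.195.64', '194.135.30.6' );
const IOC_FILES = array( 'wp-resortpack.zip', 'wp-rate.php', 'lll.zip' );

// Extract the "Version:" header from the contents of a plugin's main file.
function plugin_header_version( string $file_contents ): ?string {
    if ( preg_match( '/^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)/m', $file_contents, $m ) ) {
        return $m[1];
    }
    return null;
}

// version_compare() is the same comparison WordPress itself uses for plugin versions.
function elementor_pro_is_vulnerable( string $installed ): bool {
    return version_compare( $installed, ELEMENTOR_PRO_FIXED_VERSION, '<' );
}

// Parse client IP and request path from an Apache/nginx "combined" log line.
function parse_access_line( string $line ): ?array {
    if ( ! preg_match( '/^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+) [^"]*"/', $line, $m ) ) {
        return null;
    }
    $path = parse_url( $m[2], PHP_URL_PATH ) ?: $m[2];
    return array( 'ip' => $m[1], 'path' => $path );
}

// One finding per log line that comes from an IOC address or requests an IOC file.
function scan_access_log( array $lines ): array {
    $findings = array();
    foreach ( $lines as $n => $line ) {
        $req = parse_access_line( $line );
        if ( $req === null ) {
            continue;
        }
        if ( in_array( $req['ip'], IOC_IPS, true ) ) {
            $findings[] = 'line ' . ( $n + 1 ) . ": request from IOC address {$req['ip']}";
        }
        if ( in_array( basename( $req['path'] ), IOC_FILES, true ) ) {
            $findings[] = 'line ' . ( $n + 1 ) . ": request for IOC file {$req['path']}";
        }
    }
    return $findings;
}

// Paths in a file listing whose basename matches one of the uploaded IOC files.
function scan_file_list( array $paths ): array {
    return array_values( array_filter(
        $paths,
        fn( $p ) => in_array( basename( $p ), IOC_FILES, true )
    ) );
}

// --- constructed sample data ---
$header = "<?php\n/**\n * Plugin Name: Elementor Pro\n * Version: 3.11.6\n */\n";
$log = array(
    '203.0.113.7 - - [01/Apr/2023:09:58:10 +0000] "GET /shop/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '193.169.194.63 - - [01/Apr/2023:10:15:22 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Apr/2023:10:20:03 +0000] "GET /wp-rate.php?cmd=id HTTP/1.1" 200 77 "-" "curl/7.88"',
);
$files = array(
    'wp-content/plugins/elementor-pro/elementor-pro.php',
    'wp-content/uploads/2023/04/lll.zip',
    'wp-content/uploads/2023/04/banner.png',
);

$version = plugin_header_version( $header ) ?? 'unknown';
printf( "Elementor Pro %s: %s\n", $version,
    elementor_pro_is_vulnerable( $version ) ? 'VULNERABLE, update now' : 'patched' );
foreach ( array_merge( scan_access_log( $log ), scan_file_list( $files ) ) as $finding ) {
    echo "IOC hit: $finding\n";
}
```

On a live site the installed version can be taken from `wp plugin get elementor-pro --field=version` (WP-CLI) or from the header of the plugin's main file under wp-content/plugins/elementor-pro/, and the log and file listings replaced with the real access log and the contents of wp-content/uploads and wp-content/plugins. A request to a file such as wp-rate.php is flagged because a web-reachable backdoor is normally invoked by URL; an absence of hits does not prove the site is clean, since the listed IOCs are only the ones observed so far.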

To prevent such compromises, administrators should examine their instances thoroughly. Given the sheer number of plugins alone, there are often some with security gaps: at the end of January, for example, the WordPress plugin LearnPress, used on more than 75,000 sites, was affected by a critical security vulnerability.

In conclusion, vulnerabilities in popular software pose significant risk, allowing attackers to gain access to websites and user data. Users should keep their software up to date and implement security measures to protect their sites. Sites running Elementor Pro should update to version 3.11.7 or newer, and keep WooCommerce and the rest of the plugin stack patched as well.
