Bajorat Media
WordPress Security Alert: Elementor Pro plugin has critical security flaw
Critical vulnerability in WordPress plugin Elementor Pro and WooCommerce: Learn how to protect your website and perform urgent updates.
A high-risk security vulnerability in the Elementor Pro WordPress plugin poses a threat to millions of websites. Attackers use this vulnerability to gain unauthorized access to the affected pages. In this article, you will learn how to protect your website and what actions should be taken immediately. The widespread one WordPress plugin Elementor Pro, which is installed on over five million websites, has a serious security vulnerability. The IT researchers from Patchstack warn of active attacks and strongly recommend installing the available updates as quickly as possible. Below we will go into the background, the combinations affected and the necessary protective measures.
Critical security vulnerability in Elementor Pro and WooCommerce
The vulnerability only affects installations of Elementor Pro in conjunction with the WooCommerce plugin. When WooCommerce is installed on a WordPress instance, Elementor Pro loads the component “elementor-pro/modules/woocommerce/module.php” which registers some Ajax actions. One of these actions inadequately checks user input and does not sufficiently restrict actions to highly privileged users. Additional vulnerabilities in the affected version make it possible to circumvent additional protective measures. 
Attack scenario and risk assessment
Attackers can log in as administrators by exploiting the vulnerability. The WooCommerce plugin allows every website visitor to create a customer account and thus exploit the vulnerability. The IT researchers at Patchstack rate the risk as high (CVSS 8.8). The vulnerability is present in Elementor Pro versions prior to 3.11.7, while the current version is 3.12.0.
Important updates and recommendations for action
Website administrators using Elementor Pro and WooCommerce should immediately check whether they Version 3.11.7 or newer to use the plugin. If not, it is urgent to update the plugin.
Detecting attack indicators
According to Patchstack, after a successful attack, attackers could redirect the website to another malicious domain or upload a malicious plugin or backdoor. The IT security researchers have identified some Indicators of Compromise (IOCs) that indicate an attack. For example, attacks were made from IP addresses
- 193.169.194.63
- 193.169.195.64
- 194.135.30.6
carried out. The attackers uploaded the following files:
- wp-resortpack.zip
- wp-rate.php
- lll.zip
If such files are found in the directories of your WordPress installation, it is advisable that IT managers thoroughly investigate the affected instances and take appropriate action. Plugin security and recurring security vulnerabilities Due to the large number of plugins available for WordPress, security vulnerabilities are unfortunately not uncommon. In January of this year, the LearnPress WordPress plugin, which is used on more than 75,000 websites, was particularly affected by a critical security vulnerability.
Tl;dr
The critical vulnerability in the Elementor Pro plugin combined with WooCommerce is a serious issue that needs to be addressed immediately. Administrators of affected websites should install the recommended updates as quickly as possible to protect their systems from attacks. It is also important to always keep an eye on the security of WordPress plugins and to carry out regular security checks in order to identify and fix potential vulnerabilities at an early stage. Secure your WordPress website with expert support! Discover our reliable WordPress maintenance service and ensure optimal protection. Find out more now!
