WordPress security alert: Elementor Pro plugin has critical vulnerability

WordPress security alert: Elementor Pro plugin has critical vulnerability

Written by Editorial

For more than 15 years, we have supported our customers in all digital challenges and contributed significantly to their success.

April 3, 2023

A high-risk vulnerability in the WordPress plugin Elementor Pro poses a threat to millions of websites. Attackers use this vulnerability to gain unauthorized access to the affected pages. In this article you will learn how to protect your website and what measures should be taken immediately.

The widely used WordPress plugin Elementor Pro, which is installed on over five million websites, has a serious security vulnerability. The IT researchers at Patchstack warn against active attacks and strongly recommend installing the available updates as soon as possible. In the following, we will go into the background, the affected combinations and the necessary protective measures.

Critical vulnerability in Elementor Pro and WooCommerce

The vulnerability only affects installations of Elementor Pro in conjunction with the WooCommerce plugin. When WooCommerce is installed on a WordPress instance, Elementor Pro loads the component "elementor-pro/modules/woocommerce/module.php", which registers some Ajax actions. One of these actions insufficiently validates user input and does not sufficiently restrict actions to highly privileged users. Other vulnerabilities in the affected version allow additional protections to be bypassed.

Elementor Pro plugin

Attack scenario and risk assessment

Attackers can log in as administrators by exploiting the vulnerability. The WooCommerce plugin allows any website visitor to create a customer account and thus exploit the vulnerability. The IT researchers at Patchstack rate the risk as high (CVSS 8.8). The vulnerability is present in Elementor Pro versions prior to 3.11.7, while the current version is 3.12.0.

Important updates and recommended actions

Website administrators who use Elementor Pro and WooCommerce should immediately check if they have version 3.11.7 or newer of the plugin. If not, it is urgent to update the plugin to the latest version.

Recognize attack indicators

According to Patchstack, after a successful attack, attackers could redirect the website to another malicious domain or upload a malicious plugin or backdoor. IT security researchers have identified several Indicators of Compromise (IOCs) that point to an attack.

For example, attacks were launched from the IP addresses

  • 193.169.194.63
  • 193.169.195.64
  • 194.135.30.6

performed. The attackers uploaded the following files:

  • wp-resortpack.zip
  • wp-rate.php
  • lll.zip

If such files are found in the directories of your WordPress installation, it is advisable for IT managers to thoroughly examine the affected instances and take appropriate measures.

Plugin security and recurring vulnerabilities

Due to the large number of available plugins for WordPress, security vulnerabilities are unfortunately not uncommon. In January of this year, the WordPress plugin LearnPress in particular was affected by a critical security vulnerability, which is used on more than 75,000 websites.

Tl;dr

The critical vulnerability in the Elementor Pro plugin in combination with WooCommerce is a serious issue that needs to be addressed immediately. Administrators of affected websites should install the recommended updates as soon as possible to protect their systems from attacks. Furthermore, it is important to always keep an eye on the security of WordPress plugins and perform regular security checks to detect and fix potential vulnerabilities at an early stage.

Secure your WordPress website with expert assistance! Discover our reliable WordPress maintenance service and ensure optimum protection. Get informed now!

Recommended posts

Looking for a reliable and competent marketing & WordPress agency?

Let's tackle your project together!

Bajorat Media has 4,9 from 5 Stars | 3055 Reviews on ProvenExpert.com