Elementor Pro Vulnerability: Millions of WordPress Sites at Risk

Researchers have discovered a critical vulnerability in Elementor Pro, a widely used WordPress plugin that could allow hackers to take complete control of millions of sites. This vulnerability, which has a severity rating of 8.8 out of 10, is present in Elementor Pro, a premium plugin running on over 12 million sites powered by WordPress.

Elementor Pro is a page-building tool that lets users create high-quality websites using a wide range of components, one of which integrates with WooCommerce, a separate WordPress plugin. The vulnerability affects sites running both Elementor Pro and WooCommerce. When both are active, anyone with an account on the site—such as a subscriber or customer—can create new accounts that have full administrator privileges.

The vulnerability was discovered by Jerome Bruandet, a researcher with the security firm NinTechNet. The developer of the Elementor Pro plugin has since released version 3.11.7, which patches the flaw. However, researchers with a separate security firm, PatchStack, report that the vulnerability is already under active exploitation. Attacks are coming from a variety of IP addresses, including 193.169.194.63, 193.169.195.64, and 194.135.30.6.

Files uploaded to compromised sites often have the following names: wp-resortpack.zip, wp-rate.php, lll.zip. The site URL of compromised sites is often changed to away[dot]trackersline[dot]com. The broken access control vulnerability stems from the “elementor-pro/modules/woocommerce/module.php” component of Elementor Pro. When WooCommerce is running, this script registers the following AJAX actions:

/**
 * Register Ajax Actions.
 *
 * Registers ajax action used by the Editor js.
 *
 * @since 3.5.0
 *
 * @param Ajax $ajax
 */
public function register_ajax_actions( Ajax $ajax ) {
    // `woocommerce_update_page_option` is called in the editor save-show-modal.js.
    $ajax->register_ajax_action( 'pro_woocommerce_update_page_option', [ $this, 'update_page_option' ] );
    $ajax->register_ajax_action( 'pro_woocommerce_mock_notices', [ $this, 'woocommerce_mock_notices' ] );
}


The update_page_option handler registered above “is supposed to allow the Administrator or the Shop Manager to update some specific WooCommerce options, but user inputs aren't validated and the function lacks a capability check to restrict its access to a high-privileged user only,” Bruandet explained.
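To make the two missing controls concrete, here is an added illustration (not Elementor's code and not the actual patch): a minimal WordPress AJAX handler that writes a WooCommerce option, first in the unsafe shape Bruandet describes and then hardened with a capability check and input validation. The function names, nonce action and option allowlist are hypothetical.

```php
<?php
// Added illustration, not Elementor Pro's code. Names such as
// demo_update_shop_option_* and the nonce action are hypothetical.

// UNSAFE pattern: every logged-in user can reach wp_ajax_* hooks, and this
// handler neither checks who is calling nor which option is being written.
function demo_update_shop_option_unsafe() {
    update_option( $_POST['option_name'], $_POST['option_value'] ); // arbitrary option write
    wp_send_json_success();
}

// HARDENED pattern: nonce, capability check, option allowlist, per-option sanitiser.
function demo_update_shop_option_safe() {
    // 1. The request must carry a nonce issued to the editor page (hypothetical action name).
    check_ajax_referer( 'demo_shop_option_nonce', 'nonce' );

    // 2. Only shop managers and administrators hold manage_woocommerce.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Only a fixed set of options may be written, each with its own sanitiser.
    $allowed = [
        'woocommerce_cart_page_id'      => 'absint',
        'woocommerce_checkout_page_id'  => 'absint',
        'woocommerce_myaccount_page_id' => 'absint',
    ];
    $name = isset( $_POST['option_name'] ) ? sanitize_key( $_POST['option_name'] ) : '';
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( 'option not permitted', 400 );
    }

    // 4. Coerce the value to the expected type before it reaches the database.
    $value = call_user_func( $allowed[ $name ], wp_unslash( $_POST['option_value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success( [ 'updated' => $name ] );
}

add_action( 'wp_ajax_demo_update_shop_option', 'demo_update_shop_option_safe' );
```

The allowlist is the part that closes the door on writes to unrelated options (such as the ones that control the site URL or default registration role), which is what makes an unrestricted option-update endpoint so dangerous on a WordPress site.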

Users of Elementor Pro should ensure they are running version 3.11.7 or later, as all previous versions are vulnerable. These users should also check their sites for the signs of infection listed in the PatchStack post.

In conclusion, Elementor Pro users should update their plugin immediately to avoid falling victim to hackers exploiting this vulnerability. With over 12 million sites using this plugin, the risks are significant. As always, users should also be cautious when clicking on any suspicious links or files and regularly check their websites for any unusual activity.
