A high-risk vulnerability in the WordPress plugin Elementor Pro poses a threat to millions of websites. Attackers use this vulnerability to gain unauthorized access to the affected pages. In this article you will learn how to protect your website and what measures should be taken immediately.
The widely used WordPress plugin Elementor Pro, which is installed on over five million websites, has a serious security vulnerability. The IT researchers at Patchstack warn against active attacks and strongly recommend installing the available updates as soon as possible. In the following, we will go into the background, the affected combinations and the necessary protective measures.
Table of contents
Critical vulnerability in Elementor Pro and WooCommerce
The vulnerability only affects installations of Elementor Pro in conjunction with the WooCommerce plugin. When WooCommerce is installed on a WordPress instance, Elementor Pro loads the component "elementor-pro/modules/woocommerce/module.php", which registers some Ajax actions. One of these actions insufficiently validates user input and does not sufficiently restrict actions to highly privileged users. Other vulnerabilities in the affected version allow additional protections to be bypassed.
Attack scenario and risk assessment
Attackers can log in as administrators by exploiting the vulnerability. The WooCommerce plugin allows any website visitor to create a customer account and thus exploit the vulnerability. The IT researchers at Patchstack rate the risk as high (CVSS 8.8). The vulnerability is present in Elementor Pro versions prior to 3.11.7, while the current version is 3.12.0.
Important updates and recommended actions
Website administrators who use Elementor Pro and WooCommerce should immediately check if they have version 3.11.7 or newer of the plugin. If not, it is urgent to update the plugin to the latest version.
Recognize attack indicators
According to Patchstack, after a successful attack, attackers could redirect the website to another malicious domain or upload a malicious plugin or backdoor. IT security researchers have identified several Indicators of Compromise (IOCs) that point to an attack.
For example, attacks were launched from the IP addresses
- 193.169.194.63
- 193.169.195.64
- 194.135.30.6
performed. The attackers uploaded the following files:
- wp-resortpack.zip
- wp-rate.php
- lll.zip
If such files are found in the directories of your WordPress installation, it is advisable for IT managers to thoroughly examine the affected instances and take appropriate measures.
Plugin security and recurring vulnerabilities
Due to the large number of available plugins for WordPress, security vulnerabilities are unfortunately not uncommon. In January of this year, the WordPress plugin LearnPress in particular was affected by a critical security vulnerability, which is used on more than 75,000 websites.
Tl;dr
The critical vulnerability in the Elementor Pro plugin in combination with WooCommerce is a serious issue that needs to be addressed immediately. Administrators of affected websites should install the recommended updates as soon as possible to protect their systems from attacks. Furthermore, it is important to always keep an eye on the security of WordPress plugins and perform regular security checks to detect and fix potential vulnerabilities at an early stage.
Secure your WordPress website with expert assistance! Discover our reliable WordPress maintenance service and ensure optimum protection. Get informed now!
