Recently, a serious security vulnerability in the Elementor Pro website builder plugin for WordPress was discovered and reported by NinTechNet security researcher Jerome Bruandet. The vulnerability is described as a case of broken access control and affects versions 3.11.6 and earlier. This premium plugin is estimated to be used on over 12 million sites.
The flaw was addressed by the plugin maintainers in version 3.11.7, released on March 22, but attackers are actively exploiting it from several IP addresses. It allows an authenticated attacker to take over a WordPress site that has WooCommerce enabled: they can create an account with administrator privileges and then perform malicious actions such as redirecting the site to another malicious domain or uploading a malicious plugin or backdoor.
The vulnerability lies in the pro_woocommerce_update_page_option AJAX action, which is used by Elementor’s built-in editor and allows users to modify WordPress options in the database. The function lacks a capability check to restrict its access to high-privileged users only, and user input is not validated.
Elementor uses its own AJAX handler to manage most of its AJAX actions, including pro_woocommerce_update_page_option, but the nonce that is meant to prevent unauthorized access is exposed in the page source to all logged-in users, so the nonce check offers no real protection. An authenticated attacker can leverage this vulnerability to create an administrator account by enabling registration and setting the default role to “administrator,” to change the administrator email address, or to redirect all traffic to an external malicious website.
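To make the two missing controls concrete, here is an added example (hypothetical plugin code, not Elementor's) of the vulnerable handler pattern described above beside a hardened version. The action and nonce names are assumptions; the allowlisted option names are WooCommerce page-id options used only as an illustration.

```php
<?php
// Hypothetical AJAX handlers (added example, not Elementor Pro's code).

// VULNERABLE pattern: a nonce check alone is not authorization. Any
// logged-in user who can read the nonce from the page source can write
// an arbitrary option name and value into wp_options.
function example_update_page_option_vulnerable() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    update_option(
        sanitize_key( wp_unslash( $_POST['option_name'] ) ),
        wp_unslash( $_POST['option_value'] )
    );
    wp_send_json_success();
}

// HARDENED version: authorize first, then accept only an allowlisted
// option, then validate the value's type before writing it.
function example_update_page_option_hardened() {
    check_ajax_referer( 'example_nonce', 'nonce' );

    // Capability check: only users allowed to manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Allowlist of option name => validation callback (example names).
    $allowed = array(
        'woocommerce_shop_page_id' => 'absint',
        'woocommerce_cart_page_id' => 'absint',
    );

    $name = isset( $_POST['option_name'] )
        ? sanitize_key( wp_unslash( $_POST['option_name'] ) ) : '';
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( 'option not allowed', 400 );
    }

    $raw   = isset( $_POST['option_value'] ) ? wp_unslash( $_POST['option_value'] ) : '';
    $value = call_user_func( $allowed[ $name ], $raw );
    if ( $value <= 0 ) {
        wp_send_json_error( 'invalid value', 400 );
    }

    update_option( $name, $value );
    wp_send_json_success( array( 'option' => $name, 'value' => $value ) );
}
add_action( 'wp_ajax_example_update_page_option', 'example_update_page_option_hardened' );
```

With the allowlist in place, options such as users_can_register, default_role, admin_email or siteurl can no longer be reached through this endpoint even by a user who holds a valid nonce.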
Users of the Elementor Pro plugin are recommended to update to version 3.11.7 or 3.12.0 as soon as possible to mitigate potential threats. This advisory comes after the Essential Addons for Elementor plugin was found to contain a critical vulnerability last year that could result in the execution of arbitrary code on compromised websites.
WordPress, the most popular content management system in the world, has been under scrutiny for security issues in recent years. In the past, vulnerabilities in popular plugins like WooCommerce have led to massive attacks on WordPress sites. It is crucial for website owners to stay vigilant and keep their software up to date to avoid becoming victims of such attacks.
In conclusion, the Elementor Pro vulnerability poses a significant threat to millions of WordPress sites, and website owners should take immediate action to secure their sites by updating their Elementor Pro plugin. As always, it is crucial to remain vigilant and keep software up to date to avoid becoming a victim of cybercriminals.