Unidentified threat actors have recently exploited a security vulnerability in the WordPress Elementor Pro website builder plugin. The vulnerability, which involves broken access control, affects versions 3.11.6 and earlier. Developers addressed the issue in the version 3.11.7 release on March 22. The Tel Aviv-based company noted, “Improved code security enforcement in WooCommerce components.” Experts believe the premium plugin is installed on over 12 million websites.
Implications and Consequences of the WordPress Security Flaw
If exploited successfully, this high-severity vulnerability allows an authenticated attacker to control a WordPress site using WooCommerce. Consequently, Patchstack’s March 30, 2023, alert explains the risk. Specifically, it states that a malicious user can activate the registration page if it’s disabled. Following that, they can then assign the default user role as an administrator.
NinTechNet security researcher Jerome Bruandet, who discovered and reported the vulnerability on March 18, 2023, is credited for his efforts. Patchstack also mentioned that several IP addresses are currently abusing this flaw in the wild, attempting to upload arbitrary PHP and ZIP archive files.
Elementor Pro plugin users are urged to update to versions 3.11.7 or 3.12.0 (the latest version) as soon as possible to counter potential threats. In a previous incident, the Essential Addons for Elementor plugin had a critical vulnerability. This flaw could lead to arbitrary code execution on compromised websites.
Last week, WordPress released auto-updates to fix a critical bug in the WooCommerce Payments plugin. This vulnerability allowed unauthenticated attackers to gain administrator access to affected sites.
An Overview of Elementor Pro
Elementor Pro, a powerful website builder plugin for WordPress, offers a wide range of features catering to both web design professionals and enthusiasts. The easy-to-use drag-and-drop interface of Elementor Pro streamlines the process of creating visually stunning and responsive websites, eliminating the need for coding expertise.
Elementor Pro provides advanced design tools like dynamic content, custom CSS, and global widgets for unique, customizable websites. It also includes pre-built templates and blocks for easy website creation. Regular updates and a supportive community ensure a seamless web design experience.
{{user}} {{datetime}}
{{text}}