Attackers have begun actively exploiting a vulnerability in the paid Elementor Pro plugin for WordPress, the world's most popular website-building platform. The plugin is installed on some 12 million WordPress sites, and the vulnerability carries a CVSS score of 8.8 out of 10, which places it in the high-severity band, just below the 9.0 threshold for a critical rating.
Elementor Pro provides tools that simplify building and managing site elements, and it includes an integration with the WooCommerce plugin used to run online stores. The vulnerability affects only sites that have both Elementor Pro and WooCommerce installed: on such a site, any registered user, including a low-privileged customer account, can end up with a new account holding administrator privileges. Last week, Elementor released version 3.11.7, which fixes the vulnerability; sites running Elementor Pro together with WooCommerce should update to 3.11.7 or later.
The vulnerability lies in the Elementor Pro module that handles the WooCommerce integration. One of its functions is meant to update a few settings of the online store, but it neither validates its input nor checks that the caller has sufficient privileges, so it can be reached by any logged-in user. Because the handler writes whatever setting name and value it is given, a low-privileged user can change site-wide options such as registration defaults and end up with an administrator account, and an attacker who has gained administrator rights can, in particular, change the siteurl option to redirect all traffic from the compromised site to an external malicious resource. Attacks against sites running an unpatched version of the plugin have frequently originated from the IP addresses 193.169.194.63, 193.169.195.64 and 194.135.30.6, and files named wp-resortpack.zip, wp-rate.php and lll.zip have commonly been found on compromised sites.
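The following is an added, illustrative example and is not Elementor Pro's code: it shows the general shape of a WordPress AJAX option-update handler with the two flaws described above (no capability check, no input validation) next to a hardened version that adds a nonce check, an explicit capability requirement and an allowlist of writable options. The hook names, function names and the option list are assumptions made for the illustration.

```php
<?php
/**
 * Illustrative WordPress AJAX handlers (example code, not Elementor Pro's).
 * Hook names, function names and the allowlisted options are assumptions.
 */

// --- Vulnerable pattern (do NOT deploy) -----------------------------------
// wp_ajax_* actions fire for every authenticated user, including the
// WooCommerce "customer" role and the default "subscriber" role.
add_action( 'wp_ajax_demo_store_update_option_v1', 'demo_store_update_option_vulnerable' );

function demo_store_update_option_vulnerable() {
    // No nonce, no capability check and no allowlist: the caller chooses
    // both the option name and its value, so any wp_options row can be
    // rewritten (e.g. users_can_register, default_role, siteurl).
    $key   = $_POST['option_name'];
    $value = $_POST['option_value'];
    update_option( $key, $value );
    wp_send_json_success();
}

// --- Hardened pattern -------------------------------------------------------
add_action( 'wp_ajax_demo_store_update_option', 'demo_store_update_option_hardened' );

// Only the options the store UI is allowed to touch, each mapped to the
// sanitizer that must be applied to its value.
function demo_store_allowed_options() {
    return array(
        'woocommerce_shop_page_id'     => 'absint',
        'woocommerce_cart_page_id'     => 'absint',
        'woocommerce_checkout_page_id' => 'absint',
    );
}

function demo_store_update_option_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this exact action
    //    (check_ajax_referer() dies with a 403 on failure).
    check_ajax_referer( 'demo_store_update_option', '_nonce' );

    // 2. Authorization: being logged in is not enough; require the capability
    //    that administrators hold and customers/subscribers do not.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Input validation: the option name must be on the allowlist ...
    $allowed = demo_store_allowed_options();
    $key     = isset( $_POST['option_name'] )
        ? sanitize_key( wp_unslash( $_POST['option_name'] ) )
        : '';
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_send_json_error( 'option not permitted', 400 );
    }

    // ... and the value passes through the sanitizer registered for that key,
    // so a string such as "administrator" or a URL can never reach update_option().
    $raw   = isset( $_POST['option_value'] ) ? wp_unslash( $_POST['option_value'] ) : '';
    $value = call_user_func( $allowed[ $key ], $raw );

    update_option( $key, $value );
    wp_send_json_success( array( 'option' => $key, 'value' => $value ) );
}
```

The ordering matters in practice: the nonce check rejects cross-site requests, the capability check rejects low-privileged accounts even when they hold a valid nonce, and the allowlist bounds the damage if either of the first two is ever bypassed, since the handler can then only write the handful of options it was designed for.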