What is Elementor Pro?
Elementor Pro is a page-builder plugin for WordPress. With Elementor Pro, you can create polished websites without writing code. It features drag-and-drop editing, theme building, a template collection, custom widget support, and a WooCommerce builder for online shops. Over 11 million users currently use this plugin to build their websites. With Elementor Pro, you can create almost anything a website needs; for example, you can build custom widgets or an online shop with the WooCommerce builder and offer it as a service. (Critical vulnerability in WordPress Elementor Pro plugin 2023)
High-severity vulnerability in Elementor Pro
Vulnerability in Elementor version v3.11.6
This vulnerability exists in all versions of Elementor Pro before v3.11.6. An attacker can easily exploit these versions to redirect users to a malicious website and to upload malicious files to the site. If an attacker successfully uploads a web shell (a malicious file) to the site, they can gain control of the entire site.
How the Vulnerability Can Be Exploited
The security researcher who reported the issue explained that the vulnerability arises because the WooCommerce module (“elementor-pro/modules/woocommerce/module.php”) is affected by broken access control (BAC). This allows an attacker to modify the database without any authorization check.
Attackers are exploiting this bug through a vulnerable AJAX action (“pro_woocommerce_update_page_option”), whose input is not properly validated, making exploitation possible. (Critical vulnerability in WordPress Elementor Pro plugin 2023)
The researcher further explained in their writeup that, because of this bug, an attacker can escalate their role and gain administrator privileges, including by switching their own account’s role to admin. Once they hold the site administrator role, they can change the site’s email address and redirect users to a phishing or malicious website. They can also drop a backdoor on the website and establish a reverse connection to execute arbitrary commands on the server.
PatchStack Report About This Vulnerability
According to PatchStack’s report, attackers are actively exploiting this vulnerability and redirecting users to malicious websites (e.g. evil(.)com). Attackers are also dropping backdoors on compromised websites. Researchers have found backdoors on most affected sites, including “wp-rate.php”, “lll.zip”, and “wp-resortpark.zip”. The majority of attacks have been reported from the following IP addresses: 22.214.171.124, 126.96.36.199, and 188.8.131.52. (Critical vulnerability in WordPress Elementor Pro plugin 2023)
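The indicators above (the vulnerable AJAX action, the backdoor filenames, and the reported source IPs) can be turned into a simple triage script for a site's web server access log. The following is an added example written for this page, not code from PatchStack or from Elementor; it parses a handful of constructed log lines in the common Apache/nginx "combined" format and tags each request that matches one of the indicators. Note that the action name only appears in the request line when it is sent in the query string; when a client sends it in the POST body, only a WAF or request-body logging will show it, so a clean result from this script is not proof that the action was never called.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the report above: the vulnerable AJAX action, the
# backdoor filenames found on compromised sites, and the reported source IPs.
VULNERABLE_ACTION = "pro_woocommerce_update_page_option"
BACKDOOR_NAMES = {"wp-rate.php", "lll.zip", "wp-resortpark.zip"}
REPORTED_IPS = {"22.214.171.124", "126.96.36.199", "188.8.131.52"}

# Apache/nginx "combined" format:
#   ip ident user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    url = urlsplit(entry["target"])
    entry["path"] = url.path
    entry["query"] = parse_qs(url.query)
    return entry


def classify(entry):
    """Return the list of indicator tags that apply to one parsed entry."""
    tags = []
    path = entry["path"]
    # The action is visible here only if it was sent in the query string.
    action = entry["query"].get("action", [None])[0]
    if path.endswith("/admin-ajax.php") and action == VULNERABLE_ACTION:
        tags.append("vulnerable-ajax-action")
    if path.rsplit("/", 1)[-1] in BACKDOOR_NAMES:
        tags.append("known-backdoor-path")
    if entry["ip"] in REPORTED_IPS:
        tags.append("reported-source-ip")
    return tags


def scan(lines):
    """Scan an iterable of log lines and return one finding per tagged request."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines rather than abort the whole scan
        tags = classify(entry)
        if tags:
            findings.append({
                "ip": entry["ip"],
                "method": entry["method"],
                "path": entry["path"],
                "status": entry["status"],
                "tags": tags,
            })
    return findings


# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.10 - - [30/Mar/2023:10:15:01 +0000] "GET /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [30/Mar/2023:10:15:09 +0000] "POST /wp-admin/admin-ajax.php?action=pro_woocommerce_update_page_option HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '126.96.36.199 - - [30/Mar/2023:10:16:30 +0000] "GET /wp-rate.php HTTP/1.1" 200 112 "-" "curl/7.88.1"',
    '198.51.100.7 - - [30/Mar/2023:10:17:02 +0000] "GET /wp-content/uploads/lll.zip HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    'this line is not in combined format and is skipped',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f'{finding["ip"]:<16} {finding["method"]:<5} {finding["status"]} '
              f'{finding["path"]}  <- {", ".join(finding["tags"])}')
```

Run it against a real log with `scan(open("/var/log/nginx/access.log"))`; a hit on "vulnerable-ajax-action" from an unprivileged session, or any request for one of the backdoor filenames, is worth investigating even on a site that has since been updated, since the dropped files persist after the plugin is patched.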
How to Fix This Vulnerability
If you are using version v3.11.6 or an earlier version of Elementor Pro, update it to version 3.11.7 as soon as possible. After updating, this vulnerability can no longer be exploited on your site. (Critical vulnerability in WordPress Elementor Pro plugin 2023)