Critical WordPress Plugin Bug Leaves Millions of Sites Open to Attack

A new, and potentially severe, vulnerability was recently identified in a widely used WordPress plugin.

Wordfence security researchers discovered a flaw in the Elementor plugin that lets any authenticated (logged-in) user submit arbitrary PHP code. Elementor is a very popular WordPress plugin with over five million installations. The plugin was updated to version 3.6.0, which introduced a new onboarding module to simplify the plugin's first-time setup.

However, the researchers found that the module registered its AJAX actions as soon as it loaded, without performing any capability checks.

Malicious Software Execution

Picture: Hostinger.

According to the researchers, an authenticated user can obtain the `Ajax::NONCE_KEY` in a number of ways. One of the easiest is to view the source of the admin dashboard while logged in. This is available to all authenticated users, even subscriber-level users.

Hence, any logged-in user can call any of the onboarding actions. Attackers could construct a rogue "Elementor Pro" plugin zip file and install it through the onboarding procedure. The website would then run the code embedded in the plugin, including malware intended to seize control of the site or access other server resources. In addition, sources say these functions could be used to deface the site entirely.
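The underlying mistake is treating a nonce as an authorization check. The following is an added illustration written for this article, not Elementor's own code: a hypothetical onboarding-style AJAX handler that checks only the nonce, beside the same handler with the capability check that gates plugin installation. The function and action names are assumptions.

```php
<?php
// Added illustration (not Elementor's code). Names are hypothetical.

// Vulnerable pattern: the nonce only proves the request came from a logged-in
// user's dashboard page. Any role that can load the dashboard, including
// subscribers, can read the nonce from the page source, so this is not an
// authorization check and a plugin zip from any logged-in user is accepted.
function demo_onboarding_upload_vulnerable() {
    check_ajax_referer( 'demo_onboarding_nonce', '_nonce' );

    if ( empty( $_FILES['plugin_zip'] ) ) {
        wp_send_json_error( 'No file uploaded.', 400 );
    }
    // ... unpack $_FILES['plugin_zip'] and install it as a plugin ...
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_onboarding_upload', 'demo_onboarding_upload_vulnerable' );

// Hardened pattern: verify the nonce AND require the capability that actually
// controls plugin installation. Subscribers, contributors and authors lack it,
// and current_user_can( 'install_plugins' ) is also false on sites that set
// DISALLOW_FILE_MODS, so the check honours the site's hardening as well.
function demo_onboarding_upload_hardened() {
    check_ajax_referer( 'demo_onboarding_nonce', '_nonce' );

    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }
    if ( empty( $_FILES['plugin_zip'] ) ) {
        wp_send_json_error( 'No file uploaded.', 400 );
    }
    // ... unpack $_FILES['plugin_zip'] and install it as a plugin ...
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_onboarding_upload_safe', 'demo_onboarding_upload_hardened' );
```

When auditing a plugin, every `wp_ajax_*` handler that writes files, changes options or installs code should have a `current_user_can()` check in addition to its nonce check.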

There is good news: the weakness does not exist in any earlier version of Elementor, and a fix has already been released. On April 13, the team released version 3.6.3 of the plugin, and Wordfence urged all Elementor users to update immediately.

Elementor is often targeted by bug researchers and threat actors because of its popularity as a WordPress plugin. Wai Yan Muo Thet, a cybersecurity researcher, uncovered a significant remote code execution (RCE) hole in the Crucial Addons for Shortcode plugin in early February, a bug that enabled malicious actors to carry out a local file inclusion attack.

The Snow Monkey Editor's Recent Updates

Picture: WPTavern

Amid these recent findings, there is still some good news for WordPress users, in the form of the Snow Monkey Editor.

Block collection plugins came onto the scene in the early days of the block editor and quickly racked up millions of users. Plugins like Kadence Blocks, blocks, and Ultimate Systems bundle hundreds of blocks into a single package, focusing on functionality not included in core. The Block Directory on WordPress.org gave single-block plugin developers an incentive by letting users find and activate their plugins directly from the block editor.

Since block themes often ship less custom CSS than classic themes, several plugin developers are experimenting with adding interesting extensions to WordPress's core blocks.

The Snow Monkey Editor, built by developer Takashi Kitajima, is an example of a plugin that ships no custom blocks. Instead, it enhances the block editor by giving core blocks additional styles. For instance, Snow Monkey Editor can turn a basic paragraph into various alert styles, post-it notes, and voice.

Snow Monkey Editor is a free WordPress plugin with over 10,000 active installations. For users who want more extensions beyond the Snow Monkey Editor, Kitajima has also built a Snow Monkey Blocks plugin with three dozen bespoke elements.

WRITTEN BY
Jessica Vieira
Jessica Vieira is ProductReviews's senior media reporter, covering the intersection of entertainment and technology.