WP Elementor Pro Vulnerability Exploit Update Version 3.11.7


WordPress Elementor Pro Vulnerability

Are you aware of the Elementor Pro vulnerability that can result in your website being hacked?

If not, WordPress users should take note: Elementor Pro, a popular WordPress website builder plugin, has been found to contain a critical vulnerability that can enable threat actors to gain complete control over your website.

According to researchers, this vulnerability poses a high security risk and requires immediate action.

What is Elementor Pro?

Elementor Pro is a highly popular WordPress plugin that’s trusted by more than eleven million websites around the world. It’s a user-friendly web page builder that makes it easy for people with no coding experience to create professional-looking sites.

With features like drag-and-drop functionality, theme building, a wide range of templates, custom widget support, and even a WooCommerce builder for online shops, this plugin is a go-to choice for anyone looking to build a website quickly and easily.

What is Elementor Pro Vulnerability?

The Elementor Pro vulnerability in WordPress is a security flaw that was discovered in the Elementor Pro plugin. This flaw allows authenticated users, such as site managers or shop customers, to change site settings, including administrator settings. It impacts versions 3.11.6 and earlier.

This vulnerability exists due to broken access control on the plugin’s WooCommerce module, which allows attackers to modify options in the WordPress database without proper validation.

Let’s discuss the Elementor Pro vulnerability and what you can do to protect your website from potential attacks.

Elementor Pro Vulnerability: Over 11 Million WordPress Websites at Risk.

A security vulnerability has been found in Elementor Pro, a widely used WordPress plugin that could put over 11 million websites at risk. The flaw allows attackers who are authenticated users (such as shop customers or site managers) to change a site’s settings, including administrator settings. This could result in a website being completely taken over by the attacker.

The vulnerability was discovered by security researcher Jerome Bruandet from NinTechNet, a cybersecurity company. Bruandet published a post about the Elementor Pro vulnerability:

“An authenticated attacker can leverage the vulnerability to create an administrator account by enabling registration (users_can_register) and setting the default role (default_role) to “administrator”, change the administrator email address (admin_email) or, as shown below, redirect all traffic to an external malicious website by changing siteurl among many other possibilities:

MariaDB [example]> SELECT * FROM `wp_options` WHERE `option_name`='siteurl';
+-----------+-------------+------------------+----------+
| option_id | option_name | option_value     | autoload |
+-----------+-------------+------------------+----------+
|         1 | siteurl     | https://evil.com | yes      |
+-----------+-------------+------------------+----------+
1 row in set (0.001 sec)

 

The flaw is due to broken access control in the plugin’s WooCommerce module, which could enable attackers to modify options in the WordPress database without proper validation.

Security firms such as PatchStack report that the Elementor Pro vulnerability is being actively exploited. Attacks are coming from a variety of IP addresses, including:

  • 193.169.194.63
  • 193.169.195.64
  • 194.135.30.6

Files uploaded to compromised sites often have the following names:

  • wp-resortpack.zip
  • wp-rate.php
  • lll.zip

URLs of compromised sites are often changed to:

  • Away[dot]trackersline[dot]com

The broken access control vulnerability stems from Elementor Pro’s use of the “elementor-pro/modules/woocommerce/module.php” component. When WooCommerce is running, this script registers the following AJAX actions:

/**
 * Register Ajax Actions.
 *
 * Registers ajax action used by the Editor js.
 *
 * @since 3.5.0
 *
 * @param Ajax $ajax
 */
public function register_ajax_actions( Ajax $ajax ) {
   // `woocommerce_update_page_option` is called in the editor save-show-modal.js.
   $ajax->register_ajax_action( 'pro_woocommerce_update_page_option', [ $this, 'update_page_option' ] );
   $ajax->register_ajax_action( 'pro_woocommerce_mock_notices', [ $this, 'woocommerce_mock_notices' ] );
}

and

/**
 * Update Page Option.
 *
 * Ajax action can be used to update any WooCommerce option.
 *
 * @since 3.5.0
 *
 * @param array $data
 */
public function update_page_option( $data ) {
   update_option( $data['option_name'], $data['editor_post_id'] );
}

The update_page_option handler, which passes its input straight to WordPress’s update_option function, “is supposed to allow the Administrator or the Shop Manager to update some specific WooCommerce options, but user input isn’t validated and the function lacks a capability check to restrict its access to a high privileged user only,” Bruandet explained. He continued:

Elementor uses its own AJAX handler to manage most of its AJAX actions, including pro_woocommerce_update_page_option, with the global elementor_ajax action. It is located in the “elementor/core/common/modules/ajax/module.php” script of the free version (which is required to run Elementor Pro):

/**
 * Handle ajax request.
 *
 * Verify ajax nonce, and run all the registered actions for this request.
 *
 * Fired by `wp_ajax_elementor_ajax` action.
 *
 * @since 2.0.0
 * @access public
 */
public function handle_ajax_request() {
   if ( ! $this->verify_request_nonce() ) {
      $this->add_response_data( false, esc_html__( 'Token Expired.', 'elementor' ) )
         ->send_error( Exceptions::UNAUTHORIZED );
   }

   …
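A handler like update_page_option needs two things the code above lacks: a capability check and an allowlist of option names (a nonce check is not a capability check). The sketch below is an added example, not Elementor's own patch; the function name, the allowlist contents and the string return values are assumptions, and the stand-in functions exist only so the file runs outside WordPress.

```php
<?php
// Added example, not Elementor's code: update_page_option with the checks it lacked.

// Stand-ins so this file also runs under the PHP CLI outside WordPress (constructed).
if ( ! function_exists( 'current_user_can' ) ) {
    $GLOBALS['demo_caps']    = [];
    $GLOBALS['demo_options'] = [ 'siteurl' => 'https://shop.example' ];
    function current_user_can( $cap ) { return in_array( $cap, $GLOBALS['demo_caps'], true ); }
    function update_option( $name, $value ) { $GLOBALS['demo_options'][ $name ] = $value; return true; }
}

// Assumed allowlist: WooCommerce page-assignment options the editor may set.
const ALLOWED_PAGE_OPTIONS = [
    'woocommerce_cart_page_id',
    'woocommerce_checkout_page_id',
    'woocommerce_myaccount_page_id',
];

// Hypothetical name. Returns a status string; a real handler would return an error object.
function hardened_update_page_option( array $data ) {
    // 1. Capability check: administrators or shop managers only.
    if ( ! current_user_can( 'manage_options' ) && ! current_user_can( 'manage_woocommerce' ) ) {
        return 'forbidden';
    }
    // 2. Option name must be on the allowlist, so siteurl, default_role etc. are rejected.
    $name = $data['option_name'] ?? '';
    if ( ! is_string( $name ) || ! in_array( $name, ALLOWED_PAGE_OPTIONS, true ) ) {
        return 'option_not_allowed';
    }
    // 3. Value must be a positive integer post ID, not arbitrary text.
    $post_id = filter_var( $data['editor_post_id'] ?? null, FILTER_VALIDATE_INT,
        [ 'options' => [ 'min_range' => 1 ] ] );
    if ( false === $post_id ) {
        return 'invalid_post_id';
    }
    update_option( $name, $post_id );
    return 'updated';
}

// Constructed demo (CLI only): the siteurl change from the article, then a legitimate update.
if ( isset( $GLOBALS['demo_caps'] ) ) {
    $bad = [ 'option_name' => 'siteurl', 'editor_post_id' => 'https://evil.com' ];
    foreach ( [ [ 'read' ], [ 'manage_woocommerce' ] ] as $caps ) {
        $GLOBALS['demo_caps'] = $caps;
        echo implode( ',', $caps ), ': ', hardened_update_page_option( $bad ), "\n";
    }
    echo hardened_update_page_option( [ 'option_name' => 'woocommerce_cart_page_id', 'editor_post_id' => '42' ] ), "\n";
}
```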

Elementor Pro Vulnerability Resolved in Version 3.11.7

Users of Elementor Pro are strongly advised to update their plugin to version 3.11.7 or higher, as all previous versions are vulnerable to the security flaw.

Additionally, users should check their websites for signs of infection, as detailed in the PatchStack post, to ensure that their sites have not already been compromised. Taking these measures can help protect websites from potential attacks and mitigate the risk of sensitive data being stolen or malicious code being installed.
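The indicators listed earlier in this article (tampered options, the uploaded file names and the redirect host) can be checked with a short script. This is an added example, not code from PatchStack, NinTechNet or Elementor; the function names are hypothetical, the expected host and admin address are values the site owner supplies, and the sample data is constructed.

```php
<?php
// Added example: checks for the indicators this article lists. Sample data is constructed.

const BAD_FILENAMES = [ 'wp-resortpack.zip', 'wp-rate.php', 'lll.zip' ];
// Redirect host from the article, kept defanged in source and re-fanged at runtime.
define( 'BAD_HOST', strtolower( str_replace( '[dot]', '.', 'Away[dot]trackersline[dot]com' ) ) );

// $options: option_name => option_value pairs read from the wp_options table.
function audit_options( array $options, string $site_host, string $admin_email ): array {
    $findings = [];
    foreach ( [ 'siteurl', 'home' ] as $key ) {
        $host = strtolower( (string) parse_url( $options[ $key ] ?? '', PHP_URL_HOST ) );
        if ( BAD_HOST === $host ) {
            $findings[] = "$key points at the redirect host named in the article";
        } elseif ( strtolower( $site_host ) !== $host ) {
            $findings[] = "$key host '$host' is not the expected '$site_host'";
        }
    }
    // Open registration combined with an administrator default role creates admin accounts.
    $open = '1' === (string) ( $options['users_can_register'] ?? '0' );
    if ( $open && 'administrator' === ( $options['default_role'] ?? '' ) ) {
        $findings[] = 'registration is open and default_role is administrator';
    }
    if ( 0 !== strcasecmp( $options['admin_email'] ?? '', $admin_email ) ) {
        $findings[] = 'admin_email is not the expected address';
    }
    return $findings;
}

// Returns the paths whose base name matches a file name listed in the article.
function audit_files( array $paths ): array {
    return array_values( array_filter( $paths, function ( $path ) {
        return in_array( strtolower( basename( $path ) ), BAD_FILENAMES, true );
    } ) );
}

// Constructed sample: a tampered options table and a partial file listing.
$options = [
    'siteurl'            => 'https://evil.com',
    'home'               => 'https://shop.example',
    'users_can_register' => '1',
    'default_role'       => 'administrator',
    'admin_email'        => 'owner@shop.example',
];
$paths = [ '/var/www/html/wp-content/uploads/logo.png', '/var/www/html/wp-content/plugins/wp-rate.php' ];

foreach ( audit_options( $options, 'shop.example', 'owner@shop.example' ) as $finding ) {
    echo "[option] $finding\n";
}
foreach ( audit_files( $paths ) as $path ) {
    echo "[file] $path\n";
}
```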

Protect Your Website with WP Hacked Help: Scan and Check Elementor Pro Vulnerabilities.

Whether or not you use Elementor Pro, it’s recommended that you run regular scans with WP Hacked Help to protect your website.

This scanner can detect potential vulnerabilities on your site and provide you with the necessary assistance to promptly fix them. A security breach can compromise your website’s security and potentially lead to data breaches or other security incidents.

By regularly scanning your WordPress site with WP Hacked Help, you can identify and address any vulnerabilities before they can be exploited by malicious actors.