A recently disclosed security vulnerability in the widely used WordPress plugin Essential Addons for Elementor has raised concerns about unauthorized access and privilege escalation on affected websites. This critical flaw, tracked as CVE-2023-32243, has been promptly addressed by the plugin maintainers in their latest release, version 5.7.2. With over a million active installations, the plugin’s users are urged to update to the patched version to ensure their website’s security.
Unauthenticated Privilege Escalation:
According to Rafie Muhammad, a researcher at Patchstack, the plugin suffers from an unauthenticated privilege escalation vulnerability. This vulnerability enables any unauthenticated user to elevate their privileges to those of any user on the WordPress site, posing a significant security risk. Exploiting this flaw successfully would allow a threat actor to reset the password of any user, provided they know the targeted user’s username. The vulnerability is believed to have existed since version 5.4.0 of the plugin.
The Potential Consequences:
This security flaw has serious implications as it could potentially allow attackers to reset the password associated with an administrator account, effectively gaining full control over the compromised website. Rafie Muhammad highlights that the vulnerability arises due to a lack of password reset key validation, allowing direct password changes without proper authentication checks. Promptly updating to version 5.7.2 is crucial to mitigate these risks and protect WordPress sites using Essential Addons for Elementor.
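As an added illustration of the missing-validation pattern the advisory describes (this is not code from the plugin, from Patchstack or from the fix), the following shows a hypothetical reset handler that trusts a username alone beside one that first verifies the reset key through WordPress core’s check_password_reset_key(). The hypothetical_ function names and the request field names are assumptions; the core functions used are real WordPress APIs.

```php
<?php
// Hypothetical password-reset handlers, added to illustrate the bug class in the
// advisory. NOT the Essential Addons for Elementor code. Assumes it runs inside
// WordPress so that get_user_by(), check_password_reset_key() etc. are available.

// VULNERABLE pattern: the request names a user and a new password, and the handler
// trusts that alone. Anyone who knows a username can set that account's password.
function hypothetical_reset_password_vulnerable( array $request ) {
    $user = get_user_by( 'login', sanitize_user( $request['user_login'] ?? '' ) );
    if ( ! $user ) {
        return new WP_Error( 'no_user', 'Unknown user.' );
    }
    // No proof that the caller owns the account: this is the missing check.
    reset_password( $user, (string) ( $request['new_password'] ?? '' ) );
    return true;
}

// HARDENED pattern: the caller must present the one-time reset key that WordPress
// e-mailed to the account owner. check_password_reset_key() compares the key with
// the stored hash, enforces its expiry, and returns the WP_User only on success.
function hypothetical_reset_password_hardened( array $request ) {
    $login = sanitize_user( $request['user_login'] ?? '' );
    $key   = (string) ( $request['reset_key'] ?? '' );
    $pass  = (string) ( $request['new_password'] ?? '' );

    if ( '' === $login || '' === $key || '' === $pass ) {
        return new WP_Error( 'missing_fields', 'Login, reset key and new password are required.' );
    }

    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        // 'invalid_key' or 'expired_key': record it so repeated failures against
        // one account are visible to whoever reviews the logs.
        error_log( sprintf( 'Password reset rejected for "%s": %s', $login, $user->get_error_code() ) );
        return $user;
    }

    // Core stores the new hash and clears the stored activation key, so the same
    // reset key cannot be replayed afterwards.
    reset_password( $user, $pass );
    return true;
}
```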
Ongoing Threat Landscape:
The disclosure of this vulnerability coincides with a recent wave of attacks targeting WordPress sites since late March 2023. These attacks aim to inject the SocGholish (aka FakeUpdates) malware, a persistent JavaScript malware framework. Operating as an initial access provider, SocGholish facilitates the delivery of additional malware to compromised hosts. Attackers have been using deceptive methods, such as disguising malware as a web browser update via drive-by downloads, to distribute SocGholish.
Evolution of Malware Tactics:
In their pursuit of evading detection and prolonging the effectiveness of their campaigns, malicious actors continuously adapt their techniques. Sucuri researcher Denis Sinegubko highlights the sophistication of the SocGholish malware, emphasizing its use of zlib compression to conceal its code. This technique enables the malware to hide itself, minimize its footprint, and evade detection.
Expanding Malvertising Campaigns:
The malware landscape is not limited to SocGholish. A recent technical report from Malwarebytes uncovers a malvertising campaign targeting visitors to adult websites. The campaign serves popunder ads that mimic a fake Windows update, designed to drop the “in2al5d p3in4er” (aka Invalid Printer) loader. This loader, documented by Morphisec, is specifically designed to detect virtual machine or sandbox environments and deploy the Aurora information stealer malware.
Urgency to Update Essential Addons for Elementor:
Wordfence has issued an advisory stating that the critical vulnerability in the Essential Addons for Elementor plugin is actively being exploited in the wild. Within the past 24 hours alone, they have detected and blocked 200 attacks targeting this flaw. To safeguard websites from potential attacks and unauthorized access, it is imperative that users swiftly update their Essential Addons for Elementor plugin to the latest version.
Conclusion:
The security vulnerability discovered in the Essential Addons for Elementor plugin underscores the critical importance of promptly updating software to address known vulnerabilities. By staying vigilant and keeping plugins and themes up to date, website owners can fortify their defenses against potential exploits and ensure the security of their online presence.