One of the most popular WordPress plugins has a serious security flaw
An Elementor library allowed attackers to reset anyone’s password
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A hugely popular plugin for theWordPress website builderwas carrying a high-severity flaw that could have allowed threat actors to take full control of the target website, experts have found.
Cybersecurity researchers from PatchStack discovered a flaw in the “Essential Addons for Elementor” plugin - a library for the Elementor page builder, consisting of 90 different extensions.
The team claims more than a millionWordPresssites have the library installed.
Stealing the website
The flaw, which has since been patched, is being tracked as CVE-2023-32243, and it’s described as an unauthenticated privilege escalation flaw on the password reset functionality. All versions from 5.4.0 up to 5.7.1 are vulnerable, the researchers are saying. Apparently, a threat actor could, with relative ease, reset the password of an admin account, assume control, and thus take over the entire website.
“It is possible to reset the password of any user as long as we know their username, thus being able to reset the password of the administrator and login on their account," PatchStack said. “This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user.”
WordPress plugin exposes half a million sites to attack>Elementor website builder review>Check out the best website builders out there
When a malicious actor takes control of a website, there are a number of things they could do, from stealing sensitive information and engaging in identity theft, to distributingmalwareand engaging in ad fraud.
Prior to exploiting the flaw, the attackers need to know a couple of things, including the username of the system’s admin. They also need to set a random value in POST ‘page_id’ and ‘widget_id’ inputs, as otherwise, the plugin would report an error to the actual admin. Furthermore, thes must provide the correct nonce value on the ‘eael-resetpassword-nonce’ as that validates the password reset and sets a new password on the ‘eael-pass1’ and ‘eael-pass2’ parameters.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
If you’re using Essential Addons for Elementor, make sure to bring it up to version 5.7.2.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
We might have our first look at the long-rumored Samsung tri-fold
