A critical security vulnerability has been discovered in Essential Addons for Elementor, a widely used WordPress plugin. Tracked as CVE-2023-32243, the flaw allows malicious actors to gain elevated privileges on affected websites. The plugin maintainers addressed the issue in version 5.7.2, released on May 11, 2023. The plugin has over one million active installations, so users should update to the latest version immediately to mitigate the risk.
Details of the Vulnerability:
The flaw in the Essential Addons for Elementor plugin enables unauthenticated users to escalate their privileges to those of any user on the WordPress site: a threat actor can reset the password of any user by knowing their username. The vulnerability has existed since version 5.4.0, potentially impacting a large number of websites. Exploitation could lead to severe consequences, such as unauthorised access and complete control over the compromised website.
Previous Vulnerabilities and Emerging Threats:
Evolution of Malware Campaigns:
Malicious actors continually adapt their tactics to evade detection and extend the lifespan of their malware campaigns. The SocGholish malware campaign exemplifies this trend, as attackers modify their approach to inject malicious scripts into compromised WordPress websites. Additionally, Malwarebytes recently published a technical report outlining a malvertising campaign that targets visitors to adult websites. The campaign uses popunder ads that mimic fake Windows updates and deliver the “in2al5d p3in4er” (aka Invalid Printer) loader. This loader checks the system’s graphics card to determine if it is running on a virtual machine or a sandbox environment, ultimately launching the Aurora information stealer malware.
Immediate Action Required:
Wordfence, a leading WordPress security provider, has reported active exploitation of the critical vulnerability in the Essential Addons for Elementor plugin. In the past 24 hours alone, they have blocked 200 attacks targeting this flaw. Given the ongoing attacks, it is vital for users to update the plugin to the latest version without delay. Immediate action will help safeguard websites from potential compromise and ensure the continued security of user data.
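To find installs that still need the update, the following added example (not code from the article or the plugin project) reads the plugin's Version header under each WordPress root and flags versions in the affected range, 5.4.0 up to but not including 5.7.2. The plugin directory name `essential-addons-for-elementor-lite` and the site paths passed in are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Range stated in the article: flaw introduced in 5.4.0, fixed in 5.7.2.
FIRST_AFFECTED, FIRST_FIXED = (5, 4, 0), (5, 7, 2)
# Assumption: the plugin's directory name under wp-content/plugins.
PLUGIN_SLUG = "essential-addons-for-elementor-lite"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """'5.7.1' -> (5, 7, 1); short versions are zero-padded to three parts."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def plugin_version(plugin_dir):
    """Return the Version header of the plugin's main PHP file, or None."""
    plugin_dir = Path(plugin_dir)
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return None

def classify(version):
    if version is None:
        return "not-installed"
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return "predates-flaw"
    return "vulnerable" if v < FIRST_FIXED else "patched"

def audit(site_roots):
    """Map each WordPress root to (version, status)."""
    report = {}
    for root in site_roots:
        ver = plugin_version(Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG)
        report[str(root)] = (ver, classify(ver))
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample site
        d = Path(tmp) / "wp-content" / "plugins" / PLUGIN_SLUG
        d.mkdir(parents=True)
        (d / "main.php").write_text("<?php\n/**\n * Plugin Name: Sample\n * Version: 5.7.1\n */\n")
        print(audit([tmp]))
```

Any root reported as `vulnerable` should be updated to 5.7.2 or later.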
The security vulnerability in the Essential Addons for Elementor plugin highlights the importance of regularly updating plugins to protect against emerging threats. Website administrators and users should prioritise updating the plugin to version 5.7.2 or later to address the critical vulnerability promptly. Additionally, staying vigilant against evolving malware campaigns, such as SocGholish and the Invalid Printer loader, is crucial for maintaining a secure online environment. By staying informed and taking necessary security measures, website owners can safeguard their sites and protect user data from potential breaches.