WordPress is one of the most famous content management systems (CMS) in use today, powering millions of websites. It is an open-source platform, which means anyone can create plugins to extend its functionality. While many of these plugins are well-made and secure, some may contain bugs or vulnerabilities that can be exploited by hackers.
Hackers can exploit vulnerabilities in WordPress plugins in a number of ways, including:
- Injecting malicious code: Hackers may exploit a vulnerability in a plugin to inject their own code into a website, allowing them to gain control over the site and carry out further attacks.
- Stealing data: A vulnerability in a plugin can be used to steal sensitive information from a website, such as login credentials or financial data.
- Defacing websites: In some cases, hackers may exploit a plugin vulnerability to deface a website, replacing its content with their own message or images.
In the case of a bug in a WordPress plugin used by over 11 million websites, the exact details of the exploit will depend on the specific vulnerability in question. However, it is likely that hackers will attempt to use the vulnerability to gain unauthorized access to websites, steal data, or carry out other malicious activities. It is important for website owners to keep their WordPress plugins up to date and to monitor their sites for any signs of suspicious activity.
Elementor Pro is a popular WordPress plugin used by over 11 million websites. This page-builder plugin allows users who do not know how to code to create professional sites. The plugin supports features such as drag and drop, theme creation, a template collection, custom widget support and a WooCommerce builder (for online shops). BleepingComputer reports that hackers are actively exploiting a bug in this plugin. The security flaw was discovered in March by a researcher named Jerome Bruandet, who also shared technical details about how hackers are exploiting the bug on sites that have the plugin installed alongside WooCommerce.
WordPress Elementor Pro bug: what is it?
Reports claim this issue affects version 3.11.6 of the plugin and all earlier versions. This bug allows authenticated users (such as shop customers and site members) to change site settings. This bug can also be used by hackers to perform a complete takeover of your site.
Bruandet explains that the bug stems from broken access control in the plugin’s WooCommerce module. It allows any user to change WordPress options in the database without proper validation.
Attackers exploit this flaw through a vulnerable AJAX action named “pro_woocommerce_update_page_option”. Because of poorly implemented input validation, the action does not properly check who is calling it before it updates options.
Bruandet explains: “There are many other possibilities.”
However, it is important to note that the targeted site would also need to have the WooCommerce plugin installed for the bug to be exploitable; the WooCommerce plugin is reportedly what enables the vulnerable module in Elementor Pro.
How Hackers Exploit This Bug
Security firm PatchStack reports that hackers are actively exploiting this Elementor Pro plugin bug to redirect visitors to malicious sites. Hackers have also been reported to upload backdoors to compromised websites. The report names the backdoors uploaded in these attacks: wp-resortpark.zip, wp-rate.php and lll.zip.
A sample lll.zip archive containing a PHP script was found. Remote attackers can use it to upload additional files to the compromised server. This backdoor also gives hackers full access to the WordPress site, and attackers can use it to steal data or install additional malicious code.
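As an added defender's example (not code from the article, PatchStack or Bruandet), the following Python script scans web-server access logs for the two indicators the article gives: requests to admin-ajax.php carrying the vulnerable action name in the query string, and requests for files with the reported backdoor names. The log lines are constructed, the combined log format is assumed, and an action sent only in a POST body will not appear in a standard access log, so this catches only what the log records.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the article: the vulnerable AJAX action and the
# backdoor file names PatchStack reported in the attacks.
VULN_ACTION = "pro_woocommerce_update_page_option"
BACKDOOR_NAMES = ("wp-resortpark.zip", "wp-rate.php", "lll.zip")

# Assumed "combined" access-log layout: client, identd, user, [timestamp],
# "METHOD url PROTOCOL", status, size. Only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return finding tags for one access-log line (empty list if nothing matched)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("url"))
    tags = []
    # Calls to the vulnerable AJAX action; POST bodies are not logged, so this
    # only fires when the action is passed in the query string.
    if parts.path.endswith("/wp-admin/admin-ajax.php"):
        action = parse_qs(parts.query).get("action", [""])[0]
        if action == VULN_ACTION:
            tags.append("elementor-pro-option-update")
    # Any request whose last path component is one of the reported backdoor names.
    name = parts.path.rsplit("/", 1)[-1]
    if name in BACKDOOR_NAMES:
        tags.append("known-backdoor-name:" + name)
    return tags

def scan(lines):
    """Map the index of every suspicious line to its findings."""
    return {i: t for i, line in enumerate(lines) if (t := classify(line))}

# Constructed sample log lines (not real traffic; addresses are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Mar/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=pro_woocommerce_update_page_option HTTP/1.1" 200 43',
    '203.0.113.5 - - [30/Mar/2023:10:01:09 +0000] "POST /wp-admin/async-upload.php HTTP/1.1" 200 112',
    '198.51.100.7 - - [30/Mar/2023:10:02:30 +0000] "GET /wp-content/uploads/2023/03/wp-rate.php HTTP/1.1" 200 15',
    '192.0.2.9 - - [30/Mar/2023:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 50',
]

if __name__ == "__main__":
    for i, tags in scan(SAMPLE_LOG).items():
        print(i, tags)
```

A hit on the action name alone is not proof of compromise, since legitimate Elementor Pro use may call it; treat it as a lead to correlate with subsequent uploads and with the site's option values.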