Tweet
A hugely popular plugin for the WordPress website builder was carrying a high-severity flaw that could have allowed threat actors to take full control of the target website, experts have found.
Cybersecurity researchers from PatchStack discovered a flaw in the âEssential Addons for Elementorâ plugin - a library for the Elementor page builder, consisting of 90 different extensions.
The team claims more than a million WordPress sites have the library installed.
[HEADING=1]Stealing the website[/HEADING]
The flaw, which has since been patched, is being tracked as CVE-2023-32243, and itâs described as an unauthenticated privilege escalation flaw on the password reset functionality. All versions from 5.4.0 up to 5.7.1 are vulnerable, the researchers are saying. Apparently, a threat actor could, with relative ease, reset the password of an admin account, assume control, and thus take over the entire website.
âIt is possible to reset the password of any user as long as we know their username, thus being able to reset the password of the administrator and login on their account," PatchStack said. âThis vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user.â
Read more
When a malicious actor takes control of a website, there are a number of things they could do, from stealing sensitive information and engaging in identity theft, to distributing malware and engaging in ad fraud.
Prior to exploiting the flaw, the attackers need to know a couple of things, including the username of the systemâs admin. They also need to set a random value in POST âpage_idâ and âwidget_idâ inputs, as otherwise, the plugin would report an error to the actual admin. Furthermore, thes must provide the correct nonce value on the âeael-resetpassword-nonceâ as that validates the password reset and sets a new password on the âeael-pass1â and âeael-pass2â parameters.
If youâre using Essential Addons for Elementor, make sure to bring it up to version 5.7.2.
[ul]
[li]These are the best WordPress hosting services right now[/li][/ul]
Via: BleepingComputer
Continue readingâŚ
Cybersecurity researchers from PatchStack discovered a flaw in the âEssential Addons for Elementorâ plugin - a library for the Elementor page builder, consisting of 90 different extensions.
The team claims more than a million WordPress sites have the library installed.
[HEADING=1]Stealing the website[/HEADING]
The flaw, which has since been patched, is being tracked as CVE-2023-32243, and itâs described as an unauthenticated privilege escalation flaw on the password reset functionality. All versions from 5.4.0 up to 5.7.1 are vulnerable, the researchers are saying. Apparently, a threat actor could, with relative ease, reset the password of an admin account, assume control, and thus take over the entire website.
âIt is possible to reset the password of any user as long as we know their username, thus being able to reset the password of the administrator and login on their account," PatchStack said. âThis vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user.â
Read more
WordPress plugin exposes half a million sites to attack
Elementor website builder review
Check out the best website builders out there
Elementor website builder review
Check out the best website builders out there
Prior to exploiting the flaw, the attackers need to know a couple of things, including the username of the systemâs admin. They also need to set a random value in POST âpage_idâ and âwidget_idâ inputs, as otherwise, the plugin would report an error to the actual admin. Furthermore, thes must provide the correct nonce value on the âeael-resetpassword-nonceâ as that validates the password reset and sets a new password on the âeael-pass1â and âeael-pass2â parameters.
If youâre using Essential Addons for Elementor, make sure to bring it up to version 5.7.2.
[ul]
[li]These are the best WordPress hosting services right now[/li][/ul]
Via: BleepingComputer
Continue readingâŚ