Security Alert Notification - Elementor Pro plugin vulnerability
Posted by Roger A on 18 May 2020 05:01 PM

Dear Customer,

A remote code execution (RCE) vulnerability has been discovered in the Elementor Pro plugin. WordPress is a web-based publishing application implemented in PHP, and the Elementor Pro plugin allows website designers and creators to build webpages using custom themes and widgets. Successful exploitation of this vulnerability could allow for remote code execution.

Hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins with the end goal of remotely executing arbitrary code and fully compromising unpatched targets.

Plugin Affected:
Elementor Pro plugin prior to 2.9.4

The Exploit:
1) The attackers who successfully exploit this security flaw can then install backdoors or web shells to maintain access to the compromised sites, gain full admin access to fully compromise it, or even wipe the entire site.
2) If they can't register as users, they can exploit the second vulnerability affecting the Ultimate Addons for Elementor WordPress plugin (installed on over 110,000 sites) which will allow them to register as subscriber-level users on any site running the plugin even if user registration is disabled.
3) Then they proceed to use the newly registered accounts to exploit the Elementor Pro vulnerability and achieve remote code execution.

What should be done:
1) Apply appropriate updates provided by Elementor manually to affected systems, immediately after appropriate testing.
2) Update Elementor Pro to version 2.9.4 or above which fixes the remote code execution vulnerability.
3) For Ultimate Addons for Elementor, users should upgrade to version 1.24.2 or later.
4) Verify no unauthorized system modifications have occurred on the system before applying the patch.
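The following script is an added example and is not part of this notice or of the Elementor or WordPress projects. It supports steps 2 to 4 above: it reads the JSON that WP-CLI prints for `wp plugin list --format=json` and `wp user list --format=json`, reports which of the two plugins named in this notice are still below the fixed versions (2.9.4 and 1.24.2), and lists subscriber accounts registered in a recent window, since the notice describes attackers registering subscriber-level users before exploiting the Elementor Pro flaw. The plugin slugs `elementor-pro` and `ultimate-elementor`, and all sample data, are constructed assumptions; check the slugs against your own installation.

```python
"""
Added example (not part of the hosting provider's notice): offline checks over
WP-CLI JSON output to (a) flag the advisory's plugins when still unpatched and
(b) list subscriber accounts created recently, which deserve review.
"""
import json
from datetime import datetime

# Fixed versions quoted in the notice, keyed by the plugin slug as shown by
# `wp plugin list`. The slugs are an assumption; verify them on your site.
FIXED_VERSIONS = {
    "elementor-pro": "2.9.4",
    "ultimate-elementor": "1.24.2",
}


def parse_version(v):
    """Turn '2.9.4' into (2, 9, 4) so versions compare numerically, not as strings."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a, b):
    """True if version a is older than version b; shorter tuples are zero-padded."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def unpatched_plugins(plugin_list_json):
    """Return [(slug, installed, fixed)] for advisory plugins below the fixed version."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        slug = plugin.get("name")
        if slug in FIXED_VERSIONS and version_lt(plugin.get("version", "0"), FIXED_VERSIONS[slug]):
            findings.append((slug, plugin["version"], FIXED_VERSIONS[slug]))
    return findings


def recent_subscribers(user_list_json, since):
    """Return logins of subscriber accounts registered on or after `since` (a datetime)."""
    hits = []
    for user in json.loads(user_list_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        # `roles` is the comma-separated role string WP-CLI prints for a user.
        if "subscriber" in user.get("roles", "").split(",") and registered >= since:
            hits.append(user["user_login"])
    return hits


# Constructed sample output, shaped like `wp plugin list --format=json`.
SAMPLE_PLUGINS = json.dumps([
    {"name": "elementor", "status": "active", "update": "none", "version": "2.9.8"},
    {"name": "elementor-pro", "status": "active", "update": "available", "version": "2.9.3"},
    {"name": "ultimate-elementor", "status": "active", "update": "none", "version": "1.24.2"},
])

# Constructed sample output, shaped like `wp user list --format=json`.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "user_registered": "2019-03-02 10:11:12", "roles": "administrator"},
    {"ID": 57, "user_login": "editor1", "user_registered": "2020-01-15 09:00:00", "roles": "editor"},
    {"ID": 2041, "user_login": "x9k2lq", "user_registered": "2020-05-07 03:14:55", "roles": "subscriber"},
])


if __name__ == "__main__":
    for slug, installed, fixed in unpatched_plugins(SAMPLE_PLUGINS):
        print(f"UNPATCHED: {slug} {installed} (fixed in {fixed})")
    for login in recent_subscribers(SAMPLE_USERS, datetime(2020, 5, 1)):
        print(f"REVIEW: subscriber '{login}' registered recently")
```

On a live site, replace the constructed samples with `wp plugin list --format=json > plugins.json` and `wp user list --format=json > users.json` and feed those files in; a subscriber account you did not create, especially on a site with registration disabled, is a reason to treat the site as possibly compromised and complete the step 4 review before relying on the patch alone.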

For more details, refer to the links given below:

https://www.wordfence.com/blog/2020/...sites-at-risk/
https://www.bleepingcomputer.com/new...over-1m-sites/

Please contact our support team if you have any questions.