Hackers target "critical" vulnerabilities in WordPress plugins
Latest campaign targets Elementor Pro and Ultimate Addons for Elementor
WordPress has become an increasingly popular target for hackers. Most recently, cybercriminals have diligently exploited an array of security vulnerabilities within specific WordPress plugins with the goal of remotely executing arbitrary code and compromising unpatched targets.
According to Cyware, Wordpress plugin Elementor Pro has fallen prey to such attacks. With over 1 million active installations, the plugin’s vulnerability has been listed as “critical.”
By using a remote code execution bug, hackers with registered user access can upload arbitrary files to targeted sites and execute code remotely. After exploiting the flaw, hackers can then install backdoors that allow them to control access to the impacted sites and even erase them completely.
Ultimate Addons for Elementor, a WordPress plugin with over 110,000 installations, also appears to be impacted. A vulnerability within this plugin allows the Elementor Pro vulnerability to be further exploited, even if the site doesn’t have user registration enabled.
Cyware has deduced that Wordpress sites with unidentified subscriber-level users may have been compromised as part of this hack. Cyware encourages users to check their site for files named “wp-xmlrpc.php,” which could indicate the site has been compromised.
Fortunately, Elementor has released patches related to these vulnerabilities included in version 2.9.4, which users can download now. Meanwhile, users of the Ultimate Addons for Elementor plugin can upgrade to version 1.24.2 to protect themselves from threats.
All in all, WordPress appears to be having some difficulty keeping hackers off its platform. Bleeping Computer recently reported an attack that included upward of 900,000 WordPress sites. The attacks sought to redirect visitors to malvertising sites or plant backdoors if an administrator was currently logged in.
According to the report, the attacks were the work of a single actor who leveraged 24,000 IP addresses to send malicious requests to the impacted sites.
Unlocking collaboration: Making software work better together
How to improve collaboration and agility with the right techDownload now
Four steps to field service excellence
How to thrive in the experience economyDownload now
Six things a developer should know about Postgres
Why enterprises are choosing PostgreSQLDownload now
The path to CX excellence for B2B services
The four stages to thrive in the experience economyDownload now