Hackers target "critical" vulnerabilities in WordPress plugins

Latest campaign targets Elementor Pro and Ultimate Addons for Elementor

WordPress app icon on iOS device

WordPress has become an increasingly popular target for hackers. Most recently, cybercriminals have diligently exploited an array of security vulnerabilities within specific WordPress plugins with the goal of remotely executing arbitrary code and compromising unpatched targets.

According to Cyware, Wordpress plugin Elementor Pro has fallen prey to such attacks. With over 1 million active installations, the plugin’s vulnerability has been listed as “critical.”

Advertisement - Article continues below

By using a remote code execution bug, hackers with registered user access can upload arbitrary files to targeted sites and execute code remotely. After exploiting the flaw, hackers can then install backdoors that allow them to control access to the impacted sites and even erase them completely. 

Ultimate Addons for Elementor, a WordPress plugin with over 110,000 installations, also appears to be impacted. A vulnerability within this plugin allows the Elementor Pro vulnerability to be further exploited, even if the site doesn’t have user registration enabled. 

Cyware has deduced that Wordpress sites with unidentified subscriber-level users may have been compromised as part of this hack. Cyware encourages users to check their site for files named “wp-xmlrpc.php,” which could indicate the site has been compromised. 

Fortunately, Elementor has released patches related to these vulnerabilities included in version 2.9.4, which users can download now. Meanwhile, users of the Ultimate Addons for Elementor plugin can upgrade to version 1.24.2 to protect themselves from threats. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

All in all, WordPress appears to be having some difficulty keeping hackers off its platform. Bleeping Computer recently reported an attack that included upward of 900,000 WordPress sites. The attacks sought to redirect visitors to malvertising sites or plant backdoors if an administrator was currently logged in.

According to the report, the attacks were the work of a single actor who leveraged 24,000 IP‌ addresses to send malicious requests to the impacted sites.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020
Visit/security/phishing/355793/gitlab-phishes-its-remote-employees-and-1-in-5-fell-for-it
phishing

GitLab phished its employees and 20% handed over credentials

26 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/security/ransomware/355811/how-can-organisations-protect-themselves-from-nas-ransomware-attacks
ransomware

How can organisations protect themselves from NAS ransomware attacks?

28 May 2020