WordPress Plugin Flaw Allows Attackers To Hijack 1M Websites


Essential Addons for Elementor, a widely used Elementor plugin, has been found to contain a security flaw that allows unauthorized users to gain administrative control, potentially affecting millions of WordPress sites.

PatchStack recently disclosed a critical unauthenticated privilege escalation vulnerability, tracked as CVE-2023-32243, in versions 5.4.0 through 5.7.1 of the Essential Addons for Elementor plugin, which allows potential attackers to reset administrator passwords and gain access to their accounts.


A flaw in Elementor's core plugins

The vulnerability results from a lack of password reset key validation, which allows a user's password to be modified directly without proper authentication.

This critical vulnerability (CVE-2023-32243) can lead to serious consequences such as unauthorized data access, website spoofing, malware distribution, loss of trust, and legal compliance issues. However, a malicious password reset requires knowledge of a username on the target system.

To be precise, an attacker must enter random values for “page_id” and “widget_id” while providing a correct nonce (“eael-resetpassword-nonce”) to validate the password reset request and set a new password (“eael-pass1” and “eael-pass2”) during the operation.

PatchStack points out that this nonce value is present on the front page of a WordPress site, because it is stored in the $this->localize_objects variable via the load_commnon_asset function. An attacker who sets the “rp_login” parameter to a valid username can effectively take control of the targeted user's account by changing their password.

The security firm says the plugin vendor addressed the issue by adding a check that validates the existence and legitimacy of password reset keys in reset requests. The fix was released in Essential Addons for Elementor 5.7.2, and all users are urged to update to the latest version immediately.

The vendor fixed the vulnerability with a simple patch that uses the “eael_resetpassword_rp_data_*” value to verify the password reset process; before the fix, the code reset the user's password directly without properly verifying the authenticity of the reset key.


Disclosure schedule

The complete disclosure schedule is given below.

  • May 08, 2023 – We found the vulnerability and contacted the vendor of the plugin.
  • May 11, 2023 – Essential Addons for Elementor version 5.7.2 was released to fix the reported issues.
  • May 11, 2023 – The vulnerability was added to the Patchstack vulnerability database.

To ensure that sensitive actions are performed securely in WordPress, it is very important to implement access control and nonce checks and to use the check_password_reset_key function, especially for login, registration, password reset/recovery and database interaction.
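
The checks recommended above, as an added PHP example (not the plugin's or PatchStack's code) of a reset handler that validates the reset key before it changes a password. It assumes a WordPress runtime; the example_* function names, the nonce action, and the "nonce" and "rp_key" fields are hypothetical.

```php
<?php
// Added example, not the plugin's code. Assumes a WordPress runtime.
// Hypothetical names: example_* functions, the 'example-resetpassword' nonce
// action, and the 'nonce' and 'rp_key' fields. 'rp_login', 'eael-pass1' and
// 'eael-pass2' follow the parameter names quoted in the article.

add_action( 'wp_ajax_nopriv_example_reset_password', 'example_handle_reset_password' );

// Return a POST field as a string; arrays and missing fields become ''.
function example_post_string( $name ) {
    return ( isset( $_POST[ $name ] ) && is_string( $_POST[ $name ] ) )
        ? wp_unslash( $_POST[ $name ] )
        : '';
}

function example_handle_reset_password() {
    // 1. Nonce check. This only ties the request to a page the site served;
    //    the nonce is printed on public pages, so it authenticates nobody.
    //    (wp_send_json_error() ends the request, so no else branch is needed.)
    if ( ! wp_verify_nonce( example_post_string( 'nonce' ), 'example-resetpassword' ) ) {
        wp_send_json_error( array( 'message' => 'Invalid request.' ), 403 );
    }

    // 2. Reset-key check, the step whose absence the article describes.
    //    check_password_reset_key() returns a WP_User only if the key matches
    //    the one stored for this login and has not expired.
    $user = check_password_reset_key(
        example_post_string( 'rp_key' ),
        example_post_string( 'rp_login' )
    );
    if ( is_wp_error( $user ) ) {
        // Same message for unknown user and bad key: no username oracle.
        wp_send_json_error( array( 'message' => 'Reset link is invalid or expired.' ), 403 );
    }

    // 3. Only now look at the new password.
    $pass1 = example_post_string( 'eael-pass1' );
    $pass2 = example_post_string( 'eael-pass2' );
    if ( '' === $pass1 || $pass1 !== $pass2 ) {
        wp_send_json_error( array( 'message' => 'Passwords do not match.' ), 400 );
    }

    // reset_password() stores the new hash and clears the used reset key.
    reset_password( $user, $pass1 );
    wp_send_json_success( array( 'message' => 'Password updated.' ) );
}
```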
