
Hackers are exploiting a critical bug in the Royal Elementor WordPress plugin

October 17, 2023

A critical vulnerability affecting Royal Elementor Addons and Templates prior to version 1.3.78 is reported by two WordPress security teams to be under active exploitation. Because the attacks began before the vendor released a patch, the flaw was exploited as a zero-day.

Royal Elementor Plugins and Templates from WP Royal is a website building kit that allows you to quickly create web elements without any programming knowledge. According to WordPress.org, it has over 200,000 active installations.

The vulnerability affecting the plugin is tracked as CVE-2023-5360 (CVSS v3.1: 9.8 “Critical”) and allows unauthenticated attackers to perform arbitrary file uploads to vulnerable sites.

Although the plugin has an extension control feature that limits uploads to certain allowed file types, unauthenticated users can modify that allowed-extension list (the “whitelist”) to bypass sanitization and checks.

Through this stage of the file upload an attacker could potentially achieve remote code execution, resulting in a complete takeover of the website. No further technical details about the flaw have been published, to avoid encouraging widespread exploitation.
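The flaw class described above is an upload filter whose allowed-extension list can be influenced by the request. The following added example (not code from the article or from WP Royal; the request field name `allowed_types` is a hypothetical illustration) contrasts that weak pattern with a hardened check whose allowlist is fixed server-side, which rejects executable extensions in any position of the filename and which refuses unsafe filenames outright:

```python
import re

# Fixed, server-side allowlist of upload extensions. The hardened check below
# never takes this list from the request, which is the property the reported
# flaw lacked.
ALLOWED_EXTENSIONS = frozenset({"jpg", "jpeg", "png", "gif", "webp", "pdf"})

# Extensions the web server would execute. They are rejected in every position
# of the filename so that double extensions such as "shell.php.jpg" are caught.
EXECUTABLE_EXTENSIONS = frozenset(
    {"php", "phtml", "phar", "php3", "php4", "php5", "php7", "php8", "htaccess"}
)

# Conservative filename shape: alphanumeric start, then letters, digits, dot,
# underscore or dash; no path separators and no leading dot.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def validate_upload_weak(request: dict) -> bool:
    """Weak pattern shown for contrast: the allowlist is read from the request
    (hypothetical field "allowed_types"), so the sender decides what is allowed."""
    allowed = {e.strip().lower() for e in request.get("allowed_types", "").split(",")}
    filename = request["filename"]
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in allowed


def validate_upload(filename: str) -> tuple:
    """Hardened check. Returns (accepted, reason)."""
    if not _SAFE_NAME.match(filename):
        return False, "unsafe filename"
    segments = filename.lower().split(".")
    if len(segments) < 2:
        return False, "no extension"
    exts = segments[1:]
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False, "executable extension"
    if exts[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests and filenames.
    print(validate_upload_weak({"filename": "shell.php", "allowed_types": "jpg,png,php"}))
    for name in ("photo.jpg", "shell.php", "shell.php.jpg", ".htaccess", "../x.png"):
        print(name, validate_upload(name))
```

The weak variant accepts `shell.php` as soon as the request itself lists `php` as allowed; the hardened variant has no input that can widen the allowlist, and it also rejects `shell.php.jpg`, `.htaccess` and path-like names that a last-extension-only check would let through.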

Used to create fake administrator accounts

Two WordPress security firms, Wordfence and WPScan (Automattic), have flagged CVE-2023-5360 as actively exploited since August 30, 2023, with attacks increasing since October 3, 2023.

Wordfence reports that it blocked more than 46,000 attacks targeting Royal Elementor last month, while WPScan recorded 889 cases where attackers dropped ten different payloads after exploiting the flaw.

Hashes of the dropped payload files (WPScan)

Most of the payloads used in these attacks are PHP scripts that attempt to create a WordPress admin named “wordpress_administrator” or act as a backdoor.

PHP malware that creates a fake admin user (Wordfence)

WordPress says most attacks originate from just two IP addresses, so this exploit may only be known to a small number of threat actors. On October 3, the add-on vendor was contacted with full details, and on October 6, 2023, it released Royal Elementor Addons and Templates version 1.3.79 to fix the flaw. All users of the plugin are advised to update to this version as soon as possible.

If you don’t have access to commercial scanning solutions, you can use this free scanner to determine whether your website is vulnerable to these attacks. Note that updating the plugin to version 1.3.79 will not automatically remove any infections or malicious files, so an already-compromised website will also need to be cleaned.
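Because updating does not undo an existing compromise, a site owner needs a triage step that checks the three indicators this article gives: a plugin version below 1.3.79, PHP files dropped under the uploads directory, and the rogue administrator login “wordpress_administrator”. The script below is an added example, not a tool from the article, Wordfence or WPScan; it assumes the plugin directory is named `royal-elementor-addons` (adjust `PLUGIN_SLUG` to the slug actually installed) and reads the standard `Version:` plugin header. User logins are passed in from a separate export (WP-CLI or a database query) so the script touches only the filesystem. The sample site it builds is constructed for demonstration:

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Version that fixed CVE-2023-5360 according to the article.
FIXED_VERSION = (1, 3, 79)
# Administrator login the dropped PHP payloads were reported to create.
ROGUE_ADMIN_LOGINS = {"wordpress_administrator"}
# Executable suffixes that should never sit under wp-content/uploads.
PHP_SUFFIXES = {".php", ".phtml", ".phar", ".php5", ".php7", ".php8"}
# Assumed plugin directory name; change it to the slug installed on the site.
PLUGIN_SLUG = "royal-elementor-addons"


def parse_version(text: str) -> tuple:
    """'1.3.78' -> (1, 3, 78) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def plugin_version(plugin_dir: Path) -> Optional[str]:
    """Read the 'Version:' header from the plugin's main PHP file, if present."""
    if not plugin_dir.is_dir():
        return None
    for php in plugin_dir.glob("*.php"):
        match = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)",
                          php.read_text(errors="ignore"), re.M)
        if match:
            return match.group(1)
    return None


def php_in_uploads(uploads_dir: Path) -> List[str]:
    """Relative paths of executable files found anywhere under uploads."""
    if not uploads_dir.is_dir():
        return []
    return sorted(p.relative_to(uploads_dir).as_posix()
                  for p in uploads_dir.rglob("*")
                  if p.is_file() and p.suffix.lower() in PHP_SUFFIXES)


def triage(wp_root: Path, user_logins: List[str]) -> Dict:
    """Combine the three indicators into one report for the given install."""
    version = plugin_version(wp_root / "wp-content" / "plugins" / PLUGIN_SLUG)
    vulnerable = version is not None and parse_version(version) < FIXED_VERSION
    return {
        "plugin_version": version,
        "vulnerable": vulnerable,
        "php_in_uploads": php_in_uploads(wp_root / "wp-content" / "uploads"),
        "rogue_admins": sorted(u for u in user_logins if u in ROGUE_ADMIN_LOGINS),
    }


def build_sample_site() -> Path:
    """Constructed sample install: outdated plugin and one PHP file in uploads."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    plugin = root / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin.mkdir(parents=True)
    (plugin / "main.php").write_text("<?php\n/*\n * Plugin Name: Sample\n * Version: 1.3.78\n */\n")
    uploads = root / "wp-content" / "uploads" / "2023" / "10"
    uploads.mkdir(parents=True)
    (uploads / "image.jpg").write_bytes(b"\xff\xd8\xff")
    (uploads / "shell.php").write_text("<?php /* constructed placeholder, not a real payload */\n")
    return root


if __name__ == "__main__":
    # Constructed user export: one legitimate admin plus the reported rogue login.
    report = triage(build_sample_site(), ["admin", "wordpress_administrator"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a real install by replacing `build_sample_site()` with the site root and the user list with the actual `wp_users.user_login` values. A non-empty `php_in_uploads` or `rogue_admins` means the update alone is not enough and the site needs cleaning, exactly the situation the article warns about.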

Source: Port Altele
