Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild

A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns.

A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns.

With more than 30,000 installations to date, The Plus Addons for Elementor is a premium plugin that has been designed to add several widgets to be used with the popular WordPress website builder Elementor.

The identified issue, Wordfence explains, resides in one of the added widgets, which provides the ability to insert user login and registration forms to Elementor pages.

Because the functionality is not properly configured, an attacker can create a new administrative user account on the vulnerable site, or even to log in as an existing administrative user, the researchers reveal.

All users of The Plus Addons for Elementor plugin are advised to deactivate and remove the plugin until a fix has been delivered for this zero-day. All registration or login widgets added by the plugin should be removed, and registration on vulnerable sites disabled.

The researchers also note that the free version of the plugin, namely The Plus Addons for Elementor Lite, is not affected by the same vulnerability. Thus, users should switch to the free version instead, until the vulnerability is addressed.

“It should be noted that this vulnerability can still be exploited even if you do not have an active login or registration page that was created with the plugin. This means that any site running this plugin is vulnerable to compromise,” Wordfence says.

The researchers also note that the vulnerability is currently being actively exploited. Thus, no further details on the issue are being released for the time being.

Advertisement. Scroll to continue reading.

“We believe that attackers are adding user accounts with usernames as the registered email address based on how the vulnerability creates user accounts, and in some cases installing a malicious plugin labeled wpstaff. We strongly recommend checking your site for any unexpected administrative users or plugins you did not install,” Wordfence concludes.

The researchers have created a proof-of-concept and contacted the plugin’s developers, who are reportedly working on a patch.

Related: Many WordPress Sites Affected by Vulnerabilities in ‘Popup Builder’ Plugin

Related: Vulnerabilities in NextGEN Gallery Plugin Exposed Many WordPress Sites to Takeover

Related: WordPress Malware Targets WooCommerce Stores

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.