Experts found that an extremely popular plugin for the WordPress website builder contained a serious vulnerability that could allow cybercriminals to take full control of a targeted website.
Cybersecurity researchers from PatchStack have discovered a vulnerability in the “Essential Addons for Elementor” plugin, an Elementor page builder library consisting of 90 different extensions.
The team claims that over a million WordPress sites have the library installed.
The vulnerability, which has already been patched, is tracked as CVE-2023-32243 and is described as an unauthenticated privilege escalation vulnerability in the password reset function. Researchers say that all versions from 5.4.0 to 5.7.1 are vulnerable. Apparently, it was relatively easy for a cybercriminal to reset the administrator account password, gain control, and thus take over the entire site.
“It’s possible to reset any user’s password as long as we know their username, so we’re able to reset the admin password and log into their account,” said PatchStack. “This security vulnerability occurs because this password reset feature fails to verify the password reset key and instead directly changes the user’s password.”
When a malicious person takes control of a website, they can do many things, from stealing confidential information and identity theft to distributing malware and engaging in advertising scams.
Attackers need to know a few things before exploiting the vulnerability, including the system administrator’s username. They also need to set a random value in the “page_id” and “widget_id” POST inputs, otherwise the plugin will report an error to the actual admin. The request must also contain a valid nonce in “eael-resetpassword-nonce”, which is checked for the password reset, and the new password in “eael-pass1” and “eael-pass2”.
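The root cause quoted above, a reset handler that changes the password without verifying a reset key, is modeled here next to a hardened version. This is an added example, not code from the plugin, WordPress or PatchStack; the `Site` class, its method names, the form nonce modeled as a token not bound to any account, and the one-hour key lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 3600  # seconds a reset key stays valid (constructed value)

def _sha(value):
    return hashlib.sha256(value.encode()).hexdigest()

class Site:
    """Toy account store: a model of the flaw, not WordPress or plugin code."""

    def __init__(self):
        self.passwords = {}   # username -> (salt, PBKDF2 hash)
        self.reset_keys = {}  # username -> (SHA-256 of key, expiry time)
        self.form_nonce = secrets.token_hex(8)  # form token, not bound to a user

    def set_password(self, user, pw):
        salt = secrets.token_bytes(16)
        self.passwords[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000))

    def check_password(self, user, pw):
        salt, stored = self.passwords[user]
        return hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000))

    def issue_reset_key(self, user):
        """Key sent to the account owner's mailbox; only its hash is stored."""
        key = secrets.token_urlsafe(20)
        self.reset_keys[user] = (_sha(key), time.time() + RESET_TTL)
        return key

    def reset_vulnerable(self, user, nonce, new_password):
        """Flawed pattern: the form nonce is checked, a reset key never is."""
        if user not in self.passwords or not hmac.compare_digest(nonce, self.form_nonce):
            return False
        self.set_password(user, new_password)
        return True

    def reset_hardened(self, user, nonce, key, new_password):
        """Also requires the per-user, unexpired, single-use reset key."""
        if not hmac.compare_digest(nonce, self.form_nonce):
            return False
        digest, expiry = self.reset_keys.get(user, ("", 0.0))
        if not digest or time.time() > expiry or not hmac.compare_digest(_sha(key), digest):
            return False
        del self.reset_keys[user]  # a key works once
        self.set_password(user, new_password)
        return True
```

In the model, the nonce only proves the request came from the site's form; the reset key is what ties the request to the account owner, which is why the hardened handler rejects a request that carries a valid nonce but no valid key.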
If you are using Essential Addons for Elementor, make sure you update to 5.7.2.
By: Bleeping Computer