An attacker may upload malicious files and launch a remote code execution attack using the 8.8/10 WordPress plugin vulnerability.
A high-severity vulnerability that could enable an attacker to upload and execute files to the website server was found in the Elementor website builder plugin. The functionality of the template uploader is vulnerable.
Unrestricted Upload of Files Having Dangerous Type Vulnerability in Elementor
More than 5 million copies of the well-liked WordPress plugin Elementor website builder have been installed. The ease of use of its drag-and-drop capability for building websites with a professional appearance is what drives its appeal.
The 8.8/10 vulnerability in Elementor is supposed to expose websites that use it to Remote Code Execution, which allows an attacker to take complete control of the impacted website and execute different instructions.
Unrestricted Upload of File with Dangerous Type is the description of the vulnerability type. This type of vulnerability allows an attacker to upload malicious files and then use that file to execute commands on the server hosting the compromised website.
This type of problem is typically explained as follows:
“The product gives the attacker the ability to upload or transfer files of potentially harmful sorts that the product’s environment can automatically process.”
Wordfence explains one particular weakness:
“In all versions up to and including 3.18.0, the Elementor Website Builder †plugin for WordPress is susceptible to Remote Code Execution via file upload using the template import capability.
This allows contributor-level access and above-authenticated attackers to upload files and run programs on the system.
Additionally, Wordfence says that there isn’t a patch available to address this problem and advises removing Elementor.
“There isn’t a known patch available. Please carefully examine the vulnerability’s details and implement mitigations by the risk tolerance of your organization.
Update to Version 3.18.1 of Elementor
Today, Elementor published version 3.18.1 of their software. The Wordfence website now indicates that the vulnerability is unpatched, thus it is unclear if this patch resolves the issue.
This update is detailed in the changelog:
“Fix: File Upload mechanism’s enhanced enforcement of code security”
Since it’s a recently discovered vulnerability, more information could emerge. However, Wordfence cautions that since its commercial version had already stopped eleven hacking attempts at the time of posting the statement, hackers are now targeting Elementor websites.
