Hackers target "critical" vulnerabilities in WordPress plugins

Latest campaign targets Elementor Pro and Ultimate Addons for Elementor

WordPress has become an increasingly popular target for hackers. Most recently, cybercriminals have diligently exploited an array of security vulnerabilities within specific WordPress plugins with the goal of remotely executing arbitrary code and compromising unpatched targets.

According to Cyware, Wordpress plugin Elementor Pro has fallen prey to such attacks. With over 1 million active installations, the plugin’s vulnerability has been listed as “critical.”

By using a remote code execution bug, hackers with registered user access can upload arbitrary files to targeted sites and execute code remotely. After exploiting the flaw, hackers can then install backdoors that allow them to control access to the impacted sites and even erase them completely. 

Ultimate Addons for Elementor, a WordPress plugin with over 110,000 installations, also appears to be impacted. A vulnerability within this plugin allows the Elementor Pro vulnerability to be further exploited, even if the site doesn’t have user registration enabled. 

Cyware has deduced that Wordpress sites with unidentified subscriber-level users may have been compromised as part of this hack. Cyware encourages users to check their site for files named “wp-xmlrpc.php,” which could indicate the site has been compromised. 

Fortunately, Elementor has released patches related to these vulnerabilities included in version 2.9.4, which users can download now. Meanwhile, users of the Ultimate Addons for Elementor plugin can upgrade to version 1.24.2 to protect themselves from threats. 

All in all, WordPress appears to be having some difficulty keeping hackers off its platform. Bleeping Computer recently reported an attack that included upward of 900,000 WordPress sites. The attacks sought to redirect visitors to malvertising sites or plant backdoors if an administrator was currently logged in.

According to the report, the attacks were the work of a single actor who leveraged 24,000 IP‌ addresses to send malicious requests to the impacted sites.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021