Hackers target "critical" vulnerabilities in WordPress plugins

Latest campaign targets Elementor Pro and Ultimate Addons for Elementor

WordPress has become an increasingly popular target for hackers. Most recently, cybercriminals have diligently exploited an array of security vulnerabilities within specific WordPress plugins with the goal of remotely executing arbitrary code and compromising unpatched targets.

According to Cyware, Wordpress plugin Elementor Pro has fallen prey to such attacks. With over 1 million active installations, the plugin’s vulnerability has been listed as “critical.”

By using a remote code execution bug, hackers with registered user access can upload arbitrary files to targeted sites and execute code remotely. After exploiting the flaw, hackers can then install backdoors that allow them to control access to the impacted sites and even erase them completely. 

Ultimate Addons for Elementor, a WordPress plugin with over 110,000 installations, also appears to be impacted. A vulnerability within this plugin allows the Elementor Pro vulnerability to be further exploited, even if the site doesn’t have user registration enabled. 

Cyware has deduced that Wordpress sites with unidentified subscriber-level users may have been compromised as part of this hack. Cyware encourages users to check their site for files named “wp-xmlrpc.php,” which could indicate the site has been compromised. 

Fortunately, Elementor has released patches related to these vulnerabilities included in version 2.9.4, which users can download now. Meanwhile, users of the Ultimate Addons for Elementor plugin can upgrade to version 1.24.2 to protect themselves from threats. 

All in all, WordPress appears to be having some difficulty keeping hackers off its platform. Bleeping Computer recently reported an attack that included upward of 900,000 WordPress sites. The attacks sought to redirect visitors to malvertising sites or plant backdoors if an administrator was currently logged in.

According to the report, the attacks were the work of a single actor who leveraged 24,000 IP‌ addresses to send malicious requests to the impacted sites.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022