A critical vulnerability that poses a serious threat to the security of WordPress websites has been discovered in the Elementor Pro plugin.
Our investigation revealed that the vulnerability is due to the Elementor Pro plugin registering an action with user-supplied input that is intended to be used only by high privileged users for updating WooCommerce options. However, the plugin lacks any check for user capabilities, which means that every logged-in user can exploit this vulnerability to gain unauthorized administrator access to WordPress.
Once an attacker has admin access, it becomes easy to execute remote code on the hosting machine, leading to a completely compromised website. This can be disastrous for businesses and individuals alike, as it can result in sensitive data breaches, loss of revenue, and damaged reputation.
Our team at Secragon has developed an exploit that demonstrates how easy it is to exploit this vulnerability. However, we will not be publishing it at this time to prevent malicious actors from taking advantage of it. It is important to note that this vulnerability affects millions of WordPress installations worldwide, and it is imperative that users update their Elementor Pro plugin as soon as possible.
Related Resources
WordPress Ultimate Member Plugin: Unauthorized Database Access / SQL Injection
Penetration Testing ROI
Insights into how mature security organizations measure and demonstrate ROI in offensive
Elementor Pro: Unauthorized Admin Access
WooCommerce Payments: Unauthorized Admin Access
