The WordPress plugin Essential Addons for Elementor has more than a million installations. Security researchers have discovered a critical vulnerability that allows unauthenticated attackers from the network to completely compromise a WordPress instance. An updated version of the plugin is available.
Version 5.7.2 is now available on the plugin website, and users of Essential Addons for Elementor should install it quickly. The vulnerability allows privilege escalation on the system without prior authentication (CVE-2023-32243, CVSS 9.8, risk “critical”). It affects plugin versions from 5.4.0 up to and including 5.7.1.
Critical vulnerability in Essential Addons for Elementor
In their analysis, Patchstack’s researchers explain that the plugin has a vulnerability that allows any unauthenticated user to escalate their privileges to those of any user of the WordPress site.
It is therefore possible to reset the password of any user as long as their username is known. Attackers can reset the administrator’s password and log into that account. The vulnerability exists because the password reset function does not validate the associated reset key and instead directly changes the password of the user in question, the Patchstack staff further explain.
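As an added illustration (not the plugin's own code), the flawed pattern the researchers describe beside the hardened form WordPress core already provides: the first handler trusts the submitted username and ignores the key, while the second validates the key with check_password_reset_key() before changing anything. Function names insecure_reset_handler and secure_reset_handler and the form field names are assumptions.

```php
<?php
// Illustrative example, not Essential Addons' own code. Assumes it runs inside
// WordPress, so core functions such as check_password_reset_key() exist.

// Flawed pattern: the reset key is received but never checked against the
// user, so knowing a username is enough to set that user's password.
function insecure_reset_handler( array $post ) {
    $user = get_user_by( 'login', sanitize_user( $post['user_login'] ) );
    if ( ! $user ) {
        return new WP_Error( 'invalid_user', 'Unknown user.' );
    }
    // $post['rp_key'] is present in the request but not validated here.
    wp_set_password( $post['new_password'], $user->ID );
    return true;
}

// Hardened pattern: the key must be the one WordPress generated for this
// login and must not have expired; only then is the password changed.
function secure_reset_handler( array $post ) {
    $login = sanitize_user( $post['user_login'] );
    $key   = sanitize_text_field( $post['rp_key'] );

    // Returns a WP_User on success, or WP_Error on a wrong or expired key.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        return $user; // error code is 'invalid_key' or 'expired_key'
    }
    if ( $post['new_password'] !== $post['confirm_password'] ) {
        return new WP_Error( 'password_mismatch', 'Passwords do not match.' );
    }
    // reset_password() stores the new hash and invalidates the used key.
    reset_password( $user, $post['new_password'] );
    return true;
}
```

When reviewing a plugin's reset flow, the check to look for is exactly this one: a password change path that reaches wp_set_password() without a preceding check_password_reset_key() (or equivalent) on the same login.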
In the analysis, the researchers go into detail and discuss the vulnerability along with code snippets. The developers closed the vulnerability within three days: the researchers reported it on Monday, and the updated plugin was ready on Thursday. IT managers with a vulnerable WordPress installation should install the update as soon as possible.
At the beginning of April, a vulnerability rated high-risk in the WordPress plugin Elementor Pro was actively exploited by attackers, giving them administrative access to WordPress websites.