15 vulnerabilities in 11 Elementor add-on plugins reach more than 3 million WordPress sites

Elementor WordPress Addon Vulnerabilities

Researchers have issued warnings for eleven separate Elementor plugins with 15 vulnerabilities that could make it possible for hackers to upload malicious files. One of them is classified as a high-threat vulnerability because it could allow hackers to bypass access controls, execute scripts, and obtain sensitive data.

Two different types of vulnerabilities

Most of the vulnerabilities are Stored Cross-Site Scripting (XSS). Three of them are Local File Inclusion (LFI) vulnerabilities.

XSS vulnerabilities are among the most common forms of vulnerability found in WordPress plugins and themes. They generally arise from flaws in how input data is cleaned before it is stored (input sanitization) and how data is encoded before it is written into a page (output escaping).

A local file inclusion vulnerability is one that exploits an insecurely handled user input to make the application “include” a file chosen by the attacker. Include is a coding term. In plain English, a file include is a statement that tells the website to load and run the code in another file, such as a PHP file. I have used includes in PHP to take data from a file (like the title of a web page) and paste it into the meta description; that is an example of an include.

This type of vulnerability can be a serious threat because it allows an attacker to “include” a wide range of code which, in turn, can lead to the ability to bypass restrictions on the actions that can be performed on the website and/or gain access to sensitive data that is normally restricted.

The Open Web Application Security Project (OWASP) defines a file inclusion vulnerability as follows:

“File inclusion vulnerability allows an attacker to include a file, typically by exploiting the ‘dynamic file inclusion’ mechanisms implemented in the target application. The vulnerability occurs due to the use of supplied input by the user without proper validation.

This can result in something like the output of the file contents, but depending on the severity, it can also cause:

Executing code on the web server

Executing client-side code such as JavaScript that can lead to other attacks such as cross site scripting (XSS)

Denial of Service (DoS)

Disclosure of sensitive information”
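The two bug classes described above, shown side by side in a hypothetical WordPress widget (added illustration, not code from Elementor or from any plugin named in this article): the vulnerable version passes a stored widget setting straight into include() and echoes another setting unescaped, while the hardened version resolves the template through a fixed allow-list, checks the resolved path, and escapes output with WordPress's esc_html().

```php
<?php
// Added illustration (not code from any plugin named on this page).
// Hypothetical widget that renders a layout template chosen in the editor
// and echoes a user-supplied heading. Both defects below are the classes
// this article describes: local file inclusion and stored XSS.

// VULNERABLE: the template name comes from widget settings that any user
// with contributor-level access can save, and flows straight into include();
// the heading is echoed with no output escaping.
function render_widget_vulnerable(array $settings): void {
    $layout = $settings['layout'];                 // attacker-controlled string
    include __DIR__ . '/layouts/' . $layout;       // local file inclusion
    echo '<h2>' . $settings['heading'] . '</h2>';  // stored XSS
}

// HARDENED: map the requested key onto a fixed allow-list, resolve the real
// path, and refuse anything that does not land inside the layouts directory.
const LAYOUTS = ['grid' => 'grid.php', 'list' => 'list.php'];

function resolve_layout(string $requested): ?string {
    if (!isset(LAYOUTS[$requested])) {
        return null;                               // unknown key: refuse
    }
    $base = realpath(__DIR__ . '/layouts');
    $path = realpath($base . '/' . LAYOUTS[$requested]);
    // realpath() returns false for a missing file; the prefix check also
    // covers the case where an allow-listed file has become a symlink.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($base === false || $path === false
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function render_widget_hardened(array $settings): void {
    $path = resolve_layout((string) ($settings['layout'] ?? ''));
    if ($path === null) {
        echo '<!-- unknown layout -->';
        return;
    }
    include $path;
    // esc_html() is WordPress's output-escaping helper; outside WordPress
    // use htmlspecialchars($s, ENT_QUOTES, 'UTF-8').
    echo '<h2>' . esc_html((string) ($settings['heading'] ?? '')) . '</h2>';
}
```

The allow-list is what removes the file-inclusion risk; the realpath() prefix check is a second layer for the case where the allow-listed file itself is tampered with, and esc_html() addresses the separate stored-XSS defect.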

List of vulnerable Elementor plugins

Eleven Elementor add-on plugins have vulnerability advisories: two were published today (March 29), two were published on March 28, and the remaining seven were published in recent days.

Some of the plugins have more than one vulnerability, so there are a total of 15 vulnerabilities across the eleven plugins.

Of the eleven plugins, one carries a high-severity vulnerability; the rest are rated medium severity.

Here is the list of plugins in descending order from newest to oldest advisory. The number next to a plugin name indicates how many vulnerabilities were reported for it, where there is more than one.

ElementsKit Elementor Addons (x2)
Unlimited Elements for Elementor
140+ Widgets | Best Plugins for Elementor
Best Plugins for Elementor
Elementor Addon Elements (x2)
Master Addons for Elementor
The Plus Addons for Elementor (x2)
Essential Addons for Elementor (x2)
Element Pack Elementor Addons
Prime Slider – Addons for Elementor
Move Addons for Elementor

High severity vulnerability

The high-severity vulnerability found in the ElementsKit Elementor Addons plugin for WordPress is of particular concern because it could put more than a million websites at risk. This vulnerability has a severity rating of 8.8 on a scale of 1 to 10.

What explains its popularity is the all-in-one nature of the plugin that allows users to easily modify virtually any page design feature in headers, footers, and menus. It also includes an extensive library of templates and 85 widgets that add additional functionality to web pages created with the Elementor website building platform.

The security researchers at Wordfence described the vulnerability:

“The ElementsKit Elementor plugin for WordPress is vulnerable to local file inclusion in all versions up to and including 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and higher, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.”

Millions of WordPress sites affected

The vulnerabilities may affect more than 3 million websites. Two of the plugins alone account for three million active installs. Websites usually use only one of these plugins because their features overlap. The all-in-one nature of some of these plugins means that a single plugin is enough to get the important widgets for adding sliders, menus, and other elements to a page.

List of vulnerable plugins by number of installations

Essential Addons for Elementor – 2 Million
ElementsKit Elementor Addons – 1 Million
Unlimited Elements for Elementor – 200k
Elementor Addon Elements – 100k
The Plus Addons for Elementor – 100k
Element Pack Elementor Addons – 100k
Prime Slider – Addons for Elementor – 100k
Master Addons for Elementor – 40k
140+ Widgets | Best Plugins for Elementor – 10k
Move Addons for Elementor – 3k
Best Plugins for Elementor – Unknown, closed by WordPress

Recommended action

Although many of the medium-severity vulnerabilities require the attacker to hold contributor-level credentials, it is best not to underestimate the risk that other installed plugins or themes could give an attacker the access needed to launch these specific attacks.

In general, it is wise to test updated plugins and themes before pushing the updates to a live site.

Read the official Wordfence notices (with CVE numbers):

A. March 29: ElementsKit Elementor Addons <= 3.0.6 – Authenticated Stored Cross-Site Scripting (Contributor+) CVE-2024-1238

B. March 29: ElementsKit Elementor Addons <= 3.0.6 – Authenticated Local File Inclusion (Contributor+) in render_raw CVE-2024-2047 8.8 HIGH SEVERITY

March 29: Unlimited Elements for Elementor <= 1.5.96 – Authenticated Stored Cross-Site Scripting (Contributor+) via Widget Link CVE-2024-0367

March 28: 140+ Widgets | Best Plugins for Elementor – FREE <= 1.4.2 – Authenticated Stored Cross-Site Scripting (Contributor+) CVE-2024-2250

March 28: Best Plugins for Elementor <= 1.4.1 – Authenticated Stored Cross-Site Scripting (Contributor+) via Widget Links CVE-2024-2280

A. Elementor Addon Elements <= 1.13.1 – Authenticated Stored Cross-Site Scripting (Contributor+) CVE-2024-2091

B. Elementor Addon Elements <= 1.13.2 – Authenticated DOM-Based Cross-Site Scripting (Contributor+) via "Text Separator" and "Image Comparison" widgets CVE-2024-2792

Master Addons for Elementor <= 2.0.5.6 – Authenticated Stored Cross-Site Scripting (Contributor+) via Price Table Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated Local File Inclusion (Contributor+) via Team Member List CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated Local File Inclusion (Contributor+) via Client Widget CVE-2024-2203

A. Essential Addons for Elementor – The Best WooCommerce Templates, Widgets, Kits, and Builders for Elementor <= 5.9.11 – Authenticated Stored Cross-Site Scripting (Contributor+) via Countdown widget message parameter CVE-2024-2623

B. Essential Addons for Elementor – The Best WooCommerce Templates, Widgets, Kits, and Builders for Elementor <= 5.9.11 – Authenticated Stored Cross-Site Scripting (Contributor+) via Woo Product Carousel widget alignment parameter CVE-2024-2650

Element Pack Elementor Addons <= 5.5.3 – Authenticated Stored Cross-Site Scripting (Contributor+) via link CVE-2024-30185

Prime Slider – Addons for Elementor <= 3.13.1 – Authenticated Stored Cross-Site Scripting (Contributor+) via title CVE-2024-30186

Move Addons for Elementor <= 1.2.9 – Authenticated Stored Cross-Site Scripting (Contributor+) CVE-2024-2131

Featured image by Shutterstock/Andrey Myagkov

About the Author: Ted Simmons

I follow and report the current news trends on Google news.
