The WordPress plugin known as Elementor, a page builder everyone knows and (kind of) loves, is under attack by hackers.
A critical vulnerability continues to be exploited by attackers, specifically in the Plus Addons for Elementor plugin.
It’s important to note that only the Plus Addons for Elementor plugin is being exploited, not its free version. The core Elementor plugin is also not under attack.
Two new versions have been released to address this security issue: 4.1.6 was released once the attack was fully disclosed; 4.1.7 was subsequently released to fully address the issue. In other words, version 4.1.6 was only a partial patch. For anyone still on 4.1.6, it is still recommended that you update to 4.1.7.
What Type of Vulnerability Is This?
Wordfence, a security plugin development company, explains that this vulnerability is known as a Cross-Site Scripting Vulnerability.
According to them, it presents the following threat:
“As Elementor has a contact method specifically for security reports, we were able to provide the full disclosure immediately. Elementor acknowledged the vulnerability the next day, on February 24, 2021. An initial patch was made available in version 3.1.2 on March 2, 2021. However, we recommend updating to at least Elementor version 3.1.4, the latest available at the time of this writing, as it contains additional fixes for the issue.
Wordfence Premium users received a firewall rule protecting against these vulnerabilities on February 23, 2021. Sites still running the free version of Wordfence will receive the same protection after 30 days, on March 25, 2021.”
This is such a significant issue because these elements allow a user to choose a custom HTML tag for the content within the element, and that tag name ends up in the rendered page.
There are different options to set the tag depending on the element:
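The custom-tag option described above, as an added example in PHP (not code from Elementor, The Plus Addons or Wordfence): a weak heading renderer that trusts the saved tag name, beside a hardened one that validates it against an allowlist before use. The function names and the layout of the settings array are assumptions for illustration.

```php
<?php
// Added example, not code from Elementor, The Plus Addons or Wordfence.
// A page-builder widget lets an editor pick the HTML tag that wraps a
// heading. The weak renderer echoes the saved tag name verbatim, so any
// value stored in the widget settings reaches every visitor's browser
// (stored XSS). The hardened renderer accepts only allowlisted tag names.
// Function names and the $settings layout are assumptions for illustration.

if (!function_exists('esc_html')) {
    // Stand-in for WordPress's esc_html() so the file runs outside WordPress.
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
}

// Weak: the tag name is taken from stored settings without validation.
function render_heading_unsafe(array $settings): string {
    $tag  = $settings['title_tag'];
    $text = esc_html($settings['title']);   // the text is escaped, the tag is not
    return "<{$tag}>{$text}</{$tag}>";
}

// Return $tag only if it is an allowlisted element name, otherwise $default.
function validate_html_tag(string $tag, string $default = 'div'): string {
    $allowed = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div', 'span'];
    $tag = strtolower(trim($tag));
    return in_array($tag, $allowed, true) ? $tag : $default;
}

// Hardened: same output shape, but the tag is constrained before use.
function render_heading_safe(array $settings): string {
    $tag  = validate_html_tag($settings['title_tag'] ?? 'h2', 'h2');
    $text = esc_html($settings['title'] ?? '');
    return "<{$tag}>{$text}</{$tag}>";
}

// Constructed widget settings: a tag name an editor-level account should
// never be able to store, plus a harmless heading text.
$settings = ['title_tag' => 'script', 'title' => 'Hello'];

echo render_heading_unsafe($settings), PHP_EOL;  // emits a <script> element
echo render_heading_safe($settings), PHP_EOL;    // falls back to <h2>
```

The allowlist, not output escaping alone, is what closes the hole: escaping protects the text between the tags, but a tag name chosen by the user has to be restricted to known element names.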
According to WordPress Tavern, Wordfence is also reporting that:
“Wordfence is reporting that they are still blocking attempts on sites that are still unpatched. They have blocked 1900 site takeover attempts from a specific username, blocked 1170 attempts from a specific email, and blocked 4,000 attempts over the past week. Attackers are still targeting sites that have not updated to the patched version.
“Evidence suggests it had been actively exploited for ~5 days before that,” Wordfence threat analyst Chloe Chamberland said on the Wordfence Live show today. “Our earliest date of compromise was March 5th that we know of so far. There was a vulnerability for a few days that nobody really knew about except for this attacker who was going out and exploiting it.”
Those whose sites have been exploited have seen malicious admin accounts created. Others have experienced every URL on their sites redirecting, making it very difficult to clean. Attackers have also been installing malicious plugins called “WP Strongs” and “WP Staff.” Those who cannot access the admin dashboard will have a more difficult time removing these plugins.”
Why This Vulnerability Is So Important to Correct
It’s important to correct these vulnerabilities as quickly as possible, because if you don’t, someone may gain the ability to take over your site entirely.
And if someone gains malicious access to your website, they can do whatever they want. All of the website’s private information will be accessible to them, and all of it can be deleted, altered, shared or published as they wish.
For most website administrators, a worse scenario is nearly impossible to imagine.
Remember to Update Your Plugins
Don’t forget to keep your plugins updated whenever these security announcements occur. This could mean the difference between keeping everything you have gained on your site and losing it all.
So far, Elementor has been great about ensuring that any reported vulnerabilities and weaknesses are addressed appropriately, so all that’s left for you to do is click update.
Keep an eye out on the iloveseo.com blog for updates on the latest bugs, hacks, threats and vulnerabilities occurring in the world of SEO software.