Elementor plugin PoC triggers several campaigns from hackers

May 23, 2023

Hackers immediately leveraged the proof-of-concept (PoC) exploit for the Essential Addons for Elementor plugin, scanning thousands of WordPress sites in a widespread internet-wide sweep. The PoC showed how the flaw could be used to reset account passwords on vulnerable websites.

The critical vulnerability, tracked as CVE-2023-32243, affects Essential Addons for Elementor versions 5.4.0 to 5.7.1. The bug could allow an authenticated attacker to arbitrarily reset the passwords of admin accounts and take over the affected WordPress websites.

Researchers discovered the critical flaw earlier this month; it impacts over a million websites. The vendor rolled out a fix not long after, but many websites still run the vulnerable version of the plugin.


The Elementor plugin proof-of-concept became available on GitHub.


Based on reports, the proof-of-concept (PoC) for the Elementor plugin flaw became available on May 14th, and threat actors immediately picked it up and used it to orchestrate attacks.

Around that time, a well-known forum reported that its site had been hit by hackers who reset the administrator password by abusing the flaw. Still, researchers could not yet identify the scale of the exploitation.

However, a report published earlier this week has revealed more information about the attacks. The company claimed to have observed millions of probes checking for the plugin's presence on sites and to have blocked nearly 7,000 exploitation attempts.

Furthermore, the same company tallied 5 million scans that looked for the flawed plugin's readme.txt file, which contains the plugin's version information and therefore reveals whether a site is vulnerable to abuse.

These incidents imply that numerous threat groups began searching for flawed websites as soon as the PoC surfaced. Separate research identified the IP addresses with the most exploitation attempts for the recent vulnerability: 185.244.175.65 and 185.496.220.26.

However, the IP address with the largest volume of attempted exploits that leveraged the PoC available on GitHub is 78.128.60.112. Other high-ranking IPs in the recent tally each account for between 100 and 500 exploit attempts.
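Two defender-side checks follow from the scanning activity and the affected version range described above: spotting readme.txt probes in web server access logs (and tallying them per source address, as the report does) and deciding from a plugin's own readme.txt whether an install falls inside the vulnerable 5.4.0 to 5.7.1 range. The script below is an added example written for this article, not code from the article, the researchers, or the plugin vendor. It assumes a Combined Log Format access log, assumes the plugin is installed under the directory name `essential-addons-for-elementor-lite` (a hypothetical slug for this example; check your own `wp-content/plugins` listing), and uses constructed log lines with documentation-range IP addresses.

```python
import re
from collections import Counter

# Assumed plugin directory name; the article names the plugin but not its slug.
PLUGIN_SLUG = "essential-addons-for-elementor-lite"
README_PATH = f"/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"

# Affected range stated in the article: 5.4.0 through 5.7.1; fixed in 5.7.2.
VULN_MIN = (5, 4, 0)
VULN_MAX = (5, 7, 1)

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_version(text):
    """Turn '5.7.1' (or '5.7', '5.7.1-beta') into a comparable 3-tuple."""
    nums = []
    for part in text.strip().split("."):
        digits = re.match(r"\d+", part)
        if not digits:
            break
        nums.append(int(digits.group(0)))
        if digits.group(0) != part:  # stop at a suffix such as '1-beta'
            break
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def is_vulnerable(version_text):
    """True when the version lies inside the affected range from the article."""
    return VULN_MIN <= parse_version(version_text) <= VULN_MAX


def version_from_readme(readme_text):
    """Read the 'Stable tag:' header that WordPress plugin readme.txt files carry."""
    match = re.search(r"^Stable tag:\s*(\S+)", readme_text, re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def readme_probes(log_lines):
    """Count requests for the plugin's readme.txt per source IP."""
    counts = Counter()
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        path = match.group("path").split("?", 1)[0]  # drop any query string
        if path == README_PATH:
            counts[match.group("ip")] += 1
    return counts


def noisy_scanners(log_lines, threshold=2):
    """Return source IPs whose readme.txt probe count reaches the threshold."""
    return sorted(ip for ip, n in readme_probes(log_lines).items() if n >= threshold)


# Constructed sample log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/May/2023:10:01:02 +0000] "GET /wp-content/plugins/essential-addons-for-elementor-lite/readme.txt HTTP/1.1" 200 4121 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/May/2023:10:01:03 +0000] "GET /wp-content/plugins/essential-addons-for-elementor-lite/readme.txt?x=1 HTTP/1.1" 200 4121 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/May/2023:10:02:10 +0000] "GET /wp-content/plugins/essential-addons-for-elementor-lite/readme.txt HTTP/1.1" 404 512 "-" "curl/8.0"',
    '198.51.100.4 - - [15/May/2023:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

# Constructed readme.txt fragment in the WordPress plugin header style.
SAMPLE_README = "=== Essential Addons for Elementor ===\nRequires at least: 5.0\nStable tag: 5.7.1\n"

if __name__ == "__main__":
    for ip, n in readme_probes(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} readme.txt probe(s)")
    tag = version_from_readme(SAMPLE_README)
    print(f"installed version {tag}: {'VULNERABLE' if is_vulnerable(tag) else 'not in affected range'}")
```

Feed `readme_probes` your real access log to see which addresses are enumerating plugin versions, and run `version_from_readme` over the readme.txt in your own plugin directory; any result inside the range is a signal to update to 5.7.2 or newer.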

Therefore, websites that run the Essential Addons for Elementor plugin should apply the latest security update, version 5.7.2 or newer, to fend off these attempted exploits.
