Hackers have actively exploited a newly discovered critical vulnerability in the Royal Elementor plugin for WordPress.
Two WordPress security teams have confirmed the issue, which counts as a zero-day because exploitation began before the vendor issued a patch. Royal Elementor Addons and Templates, developed by ‘WP Royal,’ is a website-building toolkit that lets users create web elements without coding expertise. The plugin has more than 200,000 active installations.
The Royal Elementor plugin flaw could allow attackers to perform arbitrary file uploads.
The flaw is tracked as CVE-2023-5360. It could permit unauthenticated users to upload arbitrary files to vulnerable websites.
Although the plugin validates file extensions against an ‘allowed list’ of permitted types, unauthenticated users can modify that list and so bypass the sanitisation and checks.
This modification could therefore give attackers remote code execution, leading to complete site compromise.
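To make the bug class concrete, the following is an added, hypothetical PHP illustration (not the plugin’s own code, which the researchers have not published) of an upload handler whose extension allow-list can be influenced by the request, beside a hardened handler that relies only on WordPress’s capability, nonce and file-type checks. The royal_demo_* names are invented for this illustration.

```php
<?php
// Hypothetical illustration of the bug class; not the Royal Elementor code.

// WEAK PATTERN: the list of permitted extensions is derived from the request,
// so an unauthenticated caller can extend it (e.g. with 'php') before uploading.
function royal_demo_upload_weak( array $file, array $request ) {
    $allowed = isset( $request['allowed_types'] )
        ? explode( ',', $request['allowed_types'] )   // client-controlled list
        : array( 'jpg', 'png', 'svg' );
    $ext = strtolower( pathinfo( $file['name'], PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, $allowed, true ) ) {
        return new WP_Error( 'bad_type', 'Extension not allowed.' );
    }
    return wp_handle_upload( $file, array( 'test_form' => false ) );
}

// HARDENED: require a capability and a nonce, and use a fixed server-side
// allow-list that no request parameter can change; WordPress then verifies
// both the extension and, for images, the real content type.
function royal_demo_upload_hardened( array $file, string $nonce ) {
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient privileges.' );
    }
    if ( ! wp_verify_nonce( $nonce, 'royal_demo_upload' ) ) {
        return new WP_Error( 'bad_nonce', 'Request could not be verified.' );
    }
    $mimes = array(               // decided by the server only
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
    );
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type not permitted.' );
    }
    return wp_handle_upload(
        $file,
        array( 'test_form' => false, 'mimes' => $mimes )
    );
}
```

The decisive difference is where the allow-list lives: any list a client can supply or extend is not a control, whatever validation follows it.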
Researchers intentionally withheld a detailed technical review of this vulnerability to prevent widespread exploitation.
Meanwhile, threat actors have been exploiting this vulnerability to create unauthorised admin accounts. Two WordPress security firms have observed CVE-2023-5360 in active use since August 30, 2023, with attack frequency rising from October 3, 2023. Most of the payloads used in the attacks are PHP scripts that create a WordPress administrator user named ‘wordpress_administrator’ or install a backdoor.
The researchers also noted that most of these attacks originate from two IP addresses, suggesting the exploit is in the hands of only a handful of threat actors.
The plugin developer was notified of the issue on October 3. The vendor released Royal Elementor Addons and Templates version 1.3.79 on October 6, 2023, to address the vulnerability, so active users of this addon should update to the latest version as soon as possible.
Site owners are responsible for their WordPress websites and should take the necessary steps to prevent such exploits. Now that the flaw is public, more threat actors can be expected to join the attacks, so users should update their sites without delay.