Hackers exploit critical flaw in WordPress Royal Elementor plugin

October 16, 2023 at 03:13PM

A critical vulnerability in Royal Elementor Addons and Templates up to version 1.3.78 is being actively exploited by hackers. The flaw, tracked as CVE-2023-5360, allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution, compromising the websites. Two WordPress security firms have reported a significant increase in attacks leveraging this vulnerability. The vendor has released version 1.3.79 to fix the issue, and users are urged to update immediately. A website cleanup may be required to remove any infections or malicious files.

Key points:
– A critical vulnerability (CVE-2023-5360) has been reported in Royal Elementor Addons and Templates up to version 1.3.78, which is being actively exploited by hackers.
– The vulnerability allows unauthenticated attackers to perform arbitrary file uploads on vulnerable sites, potentially leading to remote code execution and website compromise.
– Two WordPress security firms, Wordfence and WPScan, have observed a significant increase in attacks leveraging this flaw since August 30, 2023.
– Attackers have been using PHP scripts to create rogue admin accounts or act as backdoors on compromised websites.
– The vendor has released version 1.3.79 of the add-on to fix the vulnerability, and all users are advised to upgrade to this version.
– It is important to note that simply updating the add-on won’t remove infections or delete malicious files, so a website cleanup may be necessary in affected cases.
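
A triage sketch for the last two points, added here as an example (not code from the article, the vendor, Wordfence or WPScan): it reads the installed plugin's version header, compares it with 1.3.79, and lists PHP-executable files under an uploads directory for manual review. The two directory arguments, the extension list and the choice of the uploads tree as the place to look are assumptions.

```python
import os
import re
import sys

FIXED = (1, 3, 79)  # first fixed release, per the article
# Assumed list of extensions a web server may execute as PHP.
PHP_EXTS = (".php", ".phtml", ".phar", ".php5", ".php7")
# WordPress plugin header line, e.g. " * Version: 1.3.78"
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(text):
    """'1.3.78' -> (1, 3, 78); missing components compare as zero."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version_text):
    """True for any release older than the fixed one."""
    return parse_version(version_text) < FIXED


def read_plugin_version(plugin_dir):
    """Return the Version: header from the plugin's top-level PHP files, or None."""
    for name in sorted(os.listdir(plugin_dir)):
        if name.lower().endswith(".php"):
            with open(os.path.join(plugin_dir, name), errors="replace") as fh:
                match = HEADER_RE.search(fh.read(8192))
            if match:
                return match.group(1)
    return None


def find_php_files(uploads_dir):
    """List files under uploads_dir whose extension could be executed as PHP."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if name.lower().endswith(PHP_EXTS):
                hits.append(os.path.join(root, name))
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: triage.py <plugin_dir> <uploads_dir>")
    version = read_plugin_version(sys.argv[1])
    status = "not found" if version is None else (
        "VULNERABLE, update" if is_vulnerable(version) else "patched")
    print(f"plugin version {version}: {status}")
    for path in find_php_files(sys.argv[2]):
        print("review:", path)
```

A clean result from the file listing does not rule out a rogue admin account, so the site's user list still needs a separate review.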
