October 17, 2023 at 05:54AM
Researchers have discovered a critical vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited for over a month. The bug allows attackers to upload arbitrary files to vulnerable sites, leading to remote code execution. The vulnerability has been targeted in over 46,000 attacks, with most attempts focused on creating malicious administrator accounts. Users are advised to update to version 1.3.79 to patch the vulnerability.
Meeting Takeaways:
– A critical-severity vulnerability has been discovered in the Royal Elementor Addons and Templates WordPress plugin, which is being exploited as a zero-day.
– The vulnerability allows unauthenticated attackers to upload arbitrary files to vulnerable sites, leading to remote code execution.
– The flaw affects all versions of Royal Elementor prior to 1.3.79.
– The vulnerability has been exploited in malicious attacks since at least August 30, with an increase in activity observed on October 3.
– The attacks mainly originate from three different IP addresses.
– Attackers have been deploying malicious files into the /wpr-addons/forms/ directory.
– Site administrators should check for the presence of malicious PHP files, including one creating a user account named ‘wordpress_administrator’, in the /wpr-addons/forms/ directory.
– Threat actors have been using the vulnerability to upload malware to compromised websites.
– Administrators and site owners should update to Royal Elementor version 1.3.79, which addresses the vulnerability.
– The patched version has been available since October 6.
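
The checks from the takeaways above, as an added shell example (not code from the researchers or the plugin vendor): it lists PHP files in any wpr-addons/forms directory under a given root, marks those that mention the wordpress_administrator account, and compares an installed version against 1.3.79. The function names and the directory search are assumptions, since the page does not give the directory's full path.

```shell
# Added example: triage for the indicators named in the takeaways.
# Assumptions: $1 is the site's document root; the installed plugin
# version is supplied by the operator as $2 (it is not looked up here).
ACCOUNT_IOC='wordpress_administrator'   # account name given on the page
FIXED_VERSION='1.3.79'                  # patched release given on the page

# List PHP-like files in any */wpr-addons/forms/ directory under $1.
# Output is "TAG<TAB>path": ACCOUNT if the file mentions the rogue
# account name, PHP otherwise (still worth a manual look).
scan_forms_dirs() {
    find "$1" -type f -path '*/wpr-addons/forms/*' -name '*.[Pp][Hh][Pp]*' \
        -exec sh -c '
            ioc=$1; shift
            for f do
                if grep -qF -- "$ioc" "$f"; then tag=ACCOUNT; else tag=PHP; fi
                printf "%s\t%s\n" "$tag" "$f"
            done' sh "$ACCOUNT_IOC" {} +
}

# Return 0 when version $1 is older than FIXED_VERSION.
# Fields are compared numerically, so 1.3.9 sorts before 1.3.79.
is_vulnerable_version() {
    awk -v a="$1" -v b="$FIXED_VERSION" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are patched
    }'
}

# Usage: sh check.sh /path/to/site [installed-plugin-version]
if [ "$#" -ge 1 ]; then
    scan_forms_dirs "$1"
    if [ -n "${2:-}" ] && is_vulnerable_version "$2"; then
        echo "Plugin version $2 is older than $FIXED_VERSION: update required"
    fi
fi
```

A file tagged PHP is not proof of compromise, and an empty result does not clear a site that ran a version older than 1.3.79 during the exploitation window; review the user list for the account name as well.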