Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites


Researchers have disclosed flaws in two popular WordPress plugins, together used on over 7 million websites, that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios.

Flaws in Two Popular WordPress Plugins

The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site.

According to Wordfence, which discovered the security weaknesses in Elementor, the bug concerns a set of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4), which occur when a malicious script is injected directly into a vulnerable web application and persisted there.

In this case, due to a lack of validation of the HTML tags on the server-side, a bad actor can exploit the issues to add executable JavaScript to a post or page via a crafted request.

“Since posts created by contributors are typically reviewed by editors or administrators before publishing, any JavaScript added to one of these posts would be executed in the reviewer’s browser,” Wordfence said in a technical write-up. “If an administrator reviewed a post containing malicious JavaScript, their authenticated session with high-level privileges could be used to create a new malicious administrator, or to add a backdoor to the site. An attack on this vulnerability could lead to site takeover.”

Multiple HTML elements such as Heading, Column, Accordion, Icon Box, and Image Box were found vulnerable to the stored XSS attack, making it possible for any user with access to the Elementor editor to add executable JavaScript.

The flaws exist because dynamic data entered in a template could be used to include malicious scripts. Such behavior can be thwarted by validating the input on the server side and escaping the output data, so that any HTML tags passed as input are rendered harmless.
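The mitigation described above (server-side validation of the markup a page-builder widget accepts, with text content escaped on output), as an added example in Python; this is not code from Elementor or WordPress, the allowlist is an assumption, and WordPress itself provides wp_kses() for this role.

```python
import html
from html.parser import HTMLParser
# Assumed allowlist for a heading/text widget: a few structural tags, and on
# <a> only href and title. No style attribute and no on* event handlers.
ALLOWED_TAGS = {"h1", "h2", "h3", "p", "strong", "em", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_URL_PREFIXES = ("http://", "https://", "/", "#")

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skipping = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping = tag      # drop the tag and everything inside it
        if tag not in ALLOWED_TAGS:
            return                   # drop the tag itself, keep its text
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue             # removes onmouseover, onerror, style, ...
            if name == "href" and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue             # removes javascript: and data: URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)
    def handle_endtag(self, tag):
        if tag == self.skipping:
            self.skipping = None
        elif tag in self.open_tags:  # also closes anything opened after it
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break
    def handle_data(self, data):
        if self.skipping is None:    # text content is escaped, never trusted
            self.out.append(html.escape(data, quote=False))
    def result(self):
        self.close()
        while self.open_tags:        # balance tags the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)

def sanitize_widget_html(value):
    parser = AllowlistSanitizer()
    parser.feed(value)
    return parser.result()
```

Tags outside the allowlist lose their markup but keep their text, script and style bodies are dropped entirely, and the output is always balanced HTML.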

Separately, an authenticated remote code execution (RCE) vulnerability was discovered in WP Super Cache that could allow an adversary to upload and execute malicious code with the goal of gaining control of the site. The plugin is reported to be used on more than two million WordPress sites.

Following responsible disclosure on February 23, Elementor fixed the issues in version 3.1.4 released on March 8 by hardening “allowed options in the editor to enforce better security policies.” Likewise, Automattic, the developer behind WP Super Cache, said it addressed the “authenticated RCE in the settings page” in version 1.7.2.

It’s highly recommended that users of the plugins update to the latest versions to mitigate the risk associated with the flaws.


What is Elementor?


Elementor is a drag-and-drop page builder for WordPress. This plugin helps you create beautiful pages using a visual editor. It’s designed for you to build dynamic websites quickly.

This WordPress plugin is an all-in-one solution letting you control every part of your website design in a single platform. You can customize your website to fit your brand with motion effects, multiple fonts, and enhanced background images.

What is WP Super Cache?


WP Super Cache is a popular free caching plugin for WordPress users.
A caching plugin needs to generate a cached version of pages without taking too much of your server resources. Most caching plugins generate a cached file when a page is requested for the first time. After that, they keep those files stored for a pre-defined duration.

Caching is an advanced process, so a plugin needs to make it easy even for non-technical users. The options can be extensive, but they need to be presented with a clear user interface and plenty of explanation.
