Critical Elementor Pro Vulnerability Exploited

Published 30 March 2023
Table of Contents

This security advisory is written about a critical Elementor Pro vulnerability originally disclosed by NinTechNet. Patchstack users have received a vPatch to protect their site against this vulnerability.

✌️ Our users are protected from this vulnerability. Are yours?

Web developers

Automatically mitigate vulnerabilities in real-time without changing code.

See pricing
Plugin developers

Identify vulnerabilities in your plugins and get recommendations for fixes.

Request audit
Hosting companies

Protect your users, improve server health and earn additional revenue.

Patchstack for hosts

Vulnerability information

On March 22, 2023, Elementor Pro released version 3.11.7 of its plugin which fixes a critical Elementor Pro vulnerability that in combination with the WooCommerce plugin running on the site allows any authenticated user (such as the subscriber or customer user role) to update any WordPress setting on the site. This is done through an AJAX action of Elementor Pro that does not have proper privilege control in place. Versions 3.11.6 and below are affected by this vulnerability.

Critical Elementor Pro Vulnerability Exploited

This makes it possible for a malicious user to turn on the registration page (if disabled) and set the default user role to administrator so they can create an account that instantly has administrator privileges. After this, they are likely to redirect the site to another malicious domain or upload a malicious plugin or backdoor to exploit the site further.

What is Elementor?

Elementor Ltd. is an Israeli software development company mostly known as Elementor WordPress website builder.

The Elementor website builder lets WordPress users create and edit websites with a responsive drag-and-drop technique. Elementor is offered in a freemium version and Elementor Pro.

Elementor itself says that Elementor is a visual WordPress website builder that replaces the basic WordPress editor with a live frontend editor, so you can create complex layouts visually, and design your website live, without having to switch between the editor and the preview mode.

Critical Elementor Pro Vulnerability

According to WordPress.org Elementor has 5+ million active installations and includes a variety of 40+ free widgets for you to build you WordPress website.

Critical Elementor Pro vulnerability exploited

This Elementor vulnerability is currently being exploited and we are seeing attacks from multiple IP addresses, most of these attacks are from the following IP addresses:

  • 193.169.194.63
  • 193.169.195.64
  • 194.135.30.6

We are also seeing files being uploaded with the following file names:

  • wp-resortpack.zip
  • wp-rate.php
  • lll.zip

We are also seeing site URLs being changed to the following:

  • away[dot]trackersline[dot]com

It is recommended to update your site as soon as possible if you are running the Elementor Pro plugin with a version lower than 3.11.7.

🤝 You can help us make the Internet a safer place

Plugin developer?

Streamline your disclosure process to fix vulnerabilities faster and comply with CRA.

Get started for free
Hosting company?

Protect your users too! Improve server health and earn added revenue with proactive security.

Patchstack for hosts
Security researcher?

Report vulnerabilities to our gamified bug bounty program to earn monthly cash rewards.

Learn more

The latest in Security Advisories

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
crossmenu