A security vulnerability in "WordPress" threatens 11 million websites

According to what was published by the technical website gadgetsnow, this vulnerability threatens about 11 million websites that rely on WordPress.

There is a serious security vulnerability in "WordPress", the global platform for designing websites from a wide range of templates.

Hackers exploit the flaw in the WordPress plugin to create an administrator account (by enabling registration and setting the default role for new users to administrator), to change the administrator's email address, or to redirect all traffic to an external malicious website by changing the site's URL, among many other possibilities.

Threat to 11 million websites

Hackers exploit the bug on sites where this plugin is installed along with WooCommerce; the bug allows authenticated users, such as store customers or site members, to change site settings.

The bug can also be used by hackers to perform a complete site takeover.

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said.

The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor Pro, a premium plugin running on more than 12 million sites powered by the WordPress content management system.

Elementor Pro allows users to create high-quality websites using a wide range of tools, one of which works with WooCommerce, a separate WordPress plugin. When the two are installed together, anyone with an account on the site, say a subscriber or customer, can create new accounts that have full administrator privileges.

The vulnerability was discovered by Jerome Bruandet, a researcher with security firm NinTechNet. Last week, Elementor, the developer of the Elementor Pro plugin, released version 3.11.7, which patched the flaw. In a post published on Tuesday, Bruandet wrote:

Now, researchers with a separate security firm, PatchStack, report that the vulnerability is under active exploitation. Attacks are coming from a variety of IP addresses, including:

193.169.194.63
193.169.195.64
194.135.30.6

Files uploaded to compromised sites often have the following names:

wp-resortpack.zip
wp-rate.php
lll.zip

Anyone using Elementor Pro should ensure they’re running 3.11.7 or later, as all previous versions are vulnerable. It’s also a good idea for these users to check their sites for the signs of infection listed in the PatchStack post.
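A post-incident check that covers both the settings changes described above and the indicators PatchStack published, as an added example (not code from the article, Elementor, NinTechNet or PatchStack). It assumes the site's wp_options values have been exported into a dict (for instance with WP-CLI's `wp option get`), that the installed Elementor Pro version is known, and that the web server writes a combined-format access log; the sample options and log lines are constructed.

```python
import re
PATCHED = (3, 11, 7)  # first fixed Elementor Pro release, per the article
IOC_IPS = {"193.169.194.63", "193.169.195.64", "194.135.30.6"}  # listed by PatchStack
IOC_FILES = {"wp-resortpack.zip", "wp-rate.php", "lll.zip"}      # listed by PatchStack

def version_tuple(v):
    """'3.11.7' -> (3, 11, 7) so releases compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def check_options(opts, pro_version, expected_admin_email, expected_siteurl):
    """Flag the settings changes the article attributes to attackers; opts holds wp_options
    values as strings (users_can_register, default_role, admin_email, siteurl, home)."""
    findings = []
    if version_tuple(pro_version) < PATCHED:
        findings.append("elementor_pro_outdated")
    if opts.get("users_can_register") == "1" and opts.get("default_role") == "administrator":
        findings.append("open_registration_as_admin")
    if opts.get("admin_email") != expected_admin_email:
        findings.append("admin_email_changed")
    if opts.get("siteurl") != expected_siteurl or opts.get("home") != expected_siteurl:
        findings.append("site_url_changed")
    return findings

# Combined-log-format request line: client IP, method, path and status are captured.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def scan_access_log(lines):
    """Return (line_no, reason) for requests from listed IPs or for listed file names."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, _method, path, _status = m.groups()
        if ip in IOC_IPS:
            hits.append((n, f"ioc_ip:{ip}"))
        name = path.split("?", 1)[0].rsplit("/", 1)[-1]  # last path segment
        if name in IOC_FILES:
            hits.append((n, f"ioc_file:{name}"))
    return hits

# Constructed sample data (not from a real site): changed admin email, a listed IP, a listed file.
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator",
                  "admin_email": "changed@example.net", "siteurl": "https://shop.example.com",
                  "home": "https://shop.example.com"}
SAMPLE_LOG = [
    '193.169.194.63 - - [01/Apr/2023:10:15:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Apr/2023:10:16:42 +0000] "GET /wp-content/uploads/2023/04/wp-rate.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [01/Apr/2023:10:17:03 +0000] "GET /shop/ HTTP/1.1" 200 4096',
]
```

Running `check_options(SAMPLE_OPTIONS, "3.11.6", "owner@example.com", "https://shop.example.com")` flags the outdated plugin, open registration as administrator and the changed admin email; `scan_access_log(SAMPLE_LOG)` flags lines 1 and 2.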