VTA-00413 – Remote Code Execution (RCE) Vulnerability in WordPress’s Elementor Plugin
WordPress's Elementor plugin has recently released an important security fix for a vulnerability, tracked as CVE-2022-1329, that allows authenticated users to escalate their privileges and obtain administrative rights. Authenticated users are able to call a function that is supposed to be used to upload and install the 'Elementor Pro' plugin. However, there are no checks to ensure that users without administrative rights cannot use it to execute additional commands or files. The RCE therefore occurs when both the legitimate plugin and arbitrary code or files are present.
As long as the authenticated user is able to access the admin dashboard, they are able to perform attacks such as web defacement or arbitrary file upload. This vulnerability affects Elementor versions 3.6.0 to 3.6.2 and has been fully disclosed. The security patch has been released in the 3.6.3 update. This vulnerability falls under position #1 of the OWASP Top 10 2021 (Broken Access Control).
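The flaw described above is a missing authorization check on an upload-and-install handler. The PHP below is an added illustration of that pattern in a generic WordPress plugin, not Elementor's code: a `wp_ajax_` handler that extracts an uploaded archive into the plugin directory with no check at all, beside a hardened version that verifies the `install_plugins` capability and a nonce and validates the upload before touching disk. The hook names, the `acme_` function names and the `plugin_zip` form field are assumptions; the WordPress functions called are real core APIs.

```php
<?php
/**
 * Added illustration (not Elementor's code) of an admin-ajax upload handler
 * of the kind described in the advisory, first without any authorization
 * check and then hardened. Hook names, function names and the form field
 * are hypothetical.
 */

// --- Vulnerable pattern -----------------------------------------------------
// wp_ajax_* hooks fire for ANY logged-in user, including subscriber-level
// accounts. Nothing here verifies that the caller may install plugins, so a
// low-privilege user can drop an arbitrary archive into the plugin directory
// and WordPress will load whatever PHP it contains.
add_action( 'wp_ajax_acme_install_plugin_vulnerable', 'acme_install_plugin_vulnerable' );
function acme_install_plugin_vulnerable() {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    WP_Filesystem();
    $result = unzip_file( $_FILES['plugin_zip']['tmp_name'], WP_PLUGIN_DIR );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message() );
    }
    wp_send_json_success();
}

// --- Hardened pattern -------------------------------------------------------
add_action( 'wp_ajax_acme_install_plugin', 'acme_install_plugin' );
function acme_install_plugin() {
    // 1. Authorization: only users holding the core 'install_plugins'
    //    capability get past this line (administrators on a single site;
    //    on multisite only super admins hold it). wp_send_json_error()
    //    ends the request, so no return is needed after it.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    // 2. CSRF protection: the request must carry a valid nonce for this
    //    action. check_ajax_referer() dies on failure by default.
    check_ajax_referer( 'acme_install_plugin', '_ajax_nonce' );

    // 3. Input validation: reject missing uploads and anything that is not
    //    a zip archive before the file is extracted anywhere.
    if ( empty( $_FILES['plugin_zip'] ) || UPLOAD_ERR_OK !== $_FILES['plugin_zip']['error'] ) {
        wp_send_json_error( 'No file uploaded.', 400 );
    }
    $check = wp_check_filetype_and_ext(
        $_FILES['plugin_zip']['tmp_name'],
        sanitize_file_name( $_FILES['plugin_zip']['name'] ),
        array( 'zip' => 'application/zip' )
    );
    if ( 'zip' !== $check['ext'] ) {
        wp_send_json_error( 'Only .zip archives are accepted.', 400 );
    }

    // 4. Extraction through the WordPress filesystem API, same as before,
    //    but now only reachable by an authorized, nonce-bearing request.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    WP_Filesystem();
    $result = unzip_file( $_FILES['plugin_zip']['tmp_name'], WP_PLUGIN_DIR );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'Plugin archive extracted.' );
}
```

The difference between the two handlers is entirely in the three checks at the top of the hardened one; the extraction code is identical. When reviewing a plugin for this class of bug, look for any `wp_ajax_` or REST callback that writes under `WP_PLUGIN_DIR`, `WP_CONTENT_DIR` or the uploads directory and confirm that a `current_user_can()` check with an appropriate capability, not merely a logged-in check, precedes the write.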
Severity:
High
Attack Surfaces:
Web Application
Tactics:
Execution, Privilege Escalation
Techniques:
Authentication bypass
Active Defense Tactics:
Detect, Disrupt
Active Defense Techniques:
Security Controls, Software Manipulation
SuperPRO’s Threat Countermeasures Procedures:
1) Update the Elementor plugin to version 3.6.3 or newer.
2) Ensure WordPress is updated with the latest security patches and updates.
Contributed by: Izzy