New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation
A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could potentially be exploited to achieve elevated privileges on affected sites.
Successful exploitation of the flaw could permit a threat actor to reset the password of an arbitrary user, as long as the malicious party knows that user's username.
The disclosure comes more than a year after Patchstack revealed another severe flaw in the same plugin that could have been abused to execute arbitrary code on compromised websites.
The findings also follow the discovery of a new wave of attacks targeting WordPress sites since late March 2023 that aims to inject the infamous SocGholish malware.
SocGholish is a persistent JavaScript malware framework that functions as an initial access provider to facilitate the delivery of additional malware to infected hosts.
"SocGholish malware is a prime example of this, as attackers have altered their approach in the past to inject malicious scripts into compromised WordPress websites."
News URL
https://thehackernews.com/2023/05/severe-security-flaw-exposes-over.html