Vulnerability in Elementor and Beaver Addons Exposes WordPress Sites to Hacking Risks

Recently, critical vulnerabilities were identified in two prominent WordPress plugins: “Ultimate Addons for Beaver Builder” and “Ultimate Addons for Elementor.” These vulnerabilities pose significant risks for users who have not updated to the latest versions.

Researchers have uncovered an authentication bypass vulnerability that allows attackers to gain administrative control of websites without needing passwords. This flaw creates an alarming scenario where unauthorized users can exploit the weakness with minimal effort.

The possibility of remote unauthorized access has already been materialized, as cybercriminals are reported to have begun exploiting this vulnerability just days after its discovery. By targeting websites still running the unpatched versions of these plugins, attackers can compromise systems and install backdoors for future access.

These affected plugins, developed by Brainstorm Force, are widely used across sectors, powering numerous websites built on the Elementor and Beaver Builder frameworks. Security experts at MalCare disclosed that the issue lies in the authentication processes that leverage Facebook and Google logins.

The flaw is primarily due to inadequate verification checks during the authentication process. When users attempt to log in via these platforms, lacking necessary validations permits malicious actors to gain access as any other user without needing to know their passwords. According to WebARX researchers, without a password mechanism in place, the exploitation of this vulnerability becomes increasingly simple.

To successfully carry out an attack, an adversary typically requires the email address of an administrative user, information that is often readily obtainable. WebARX has confirmed that once exploited, attackers can deploy malicious components, including fake SEO plugins, which can further jeopardize website integrity.

The vulnerabilities were reported to the developers on the same day of their discovery, leading to the release of patched versions within a remarkably swift timeframe. The vulnerable versions, which include “Ultimate Addons for Elementor” up to 1.20.0 and “Ultimate Addons for Beaver Builder” up to 1.24.0, have been addressed with new updates, with the secure versions now available being 1.20.1 and 1.24.1 respectively.

In terms of potential MITRE ATT&CK tactics relevant to this incident, adversaries likely employed techniques associated with initial access and privilege escalation. By exploiting these vulnerabilities, they gained unauthorized access and possibly established persistence within affected systems. Business owners are urged to promptly update their installations of these plugins to mitigate any risks.

As cybersecurity threats continue to evolve, staying informed and vigilant is paramount. A proactive approach to software updates will help secure web infrastructures against similar vulnerabilities in the future.