A notable security vulnerability has emerged within the widely used WordPress plugin, Essential Addons for Elementor. This vulnerability, recognized as CVE-2023-32243, allows potential attackers to escalate privileges on compromised sites, posing significant risks to website security.
The plugin’s maintainers addressed this issue in version 5.7.2, released on May 11, 2023. With over a million active installations, the Essential Addons for Elementor plugin is popular among WordPress users who utilize it to enhance their website functionalities.
According to Patchstack researcher Rafie Muhammad, the vulnerability allows any unauthenticated user to elevate their privileges, effectively gaining access comparable to any user on the site. This flaw has been present since version 5.4.0.
Exploitation of this vulnerability can have severe consequences, such as unauthorized password resets for any user, including administrators, provided the attacker knows the target’s username. The flaw stems from the plugin’s password reset function failing to validate the reset key before changing a password, which allows a user’s password to be set directly without proof that the reset was ever requested.
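To make the defect class concrete for plugin developers and reviewers, the following is an added illustration rather than code from Essential Addons for Elementor. It contrasts a hypothetical custom reset handler that trusts the username alone with a hardened version that uses WordPress core’s `check_password_reset_key()`, which returns a `WP_User` only when the supplied key matches the one issued for that login and has not expired. All function names prefixed `hypothetical_` and the `rp_*` request fields are assumptions for the example.

```php
<?php
// Added example, not the plugin's code. Handler and field names are hypothetical.
// Demonstrates the defect class described above: a custom password-reset
// endpoint that changes a password without validating the reset key.

// VULNERABLE PATTERN (do not use): the account is identified by username only.
function hypothetical_reset_vulnerable() {
    $login    = sanitize_user( wp_unslash( $_POST['rp_login'] ?? '' ) );
    $new_pass = (string) ( $_POST['rp_password'] ?? '' );

    $user = get_user_by( 'login', $login );
    if ( ! $user ) {
        return new WP_Error( 'no_user', 'Unknown user.' );
    }
    // The reset key from the e-mail link is never checked, so knowing a
    // username is enough to set a new password for that account.
    reset_password( $user, $new_pass );
    return true;
}

// HARDENED PATTERN: require a valid nonce and a reset key that WordPress
// actually issued for this login; refuse everything else.
function hypothetical_reset_hardened() {
    $nonce = sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ?? '' ) );
    if ( ! wp_verify_nonce( $nonce, 'hypothetical_reset' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request.' );
    }

    $login    = sanitize_user( wp_unslash( $_POST['rp_login'] ?? '' ) );
    $key      = sanitize_text_field( wp_unslash( $_POST['rp_key'] ?? '' ) );
    $new_pass = (string) ( $_POST['rp_password'] ?? '' );

    if ( '' === $new_pass ) {
        return new WP_Error( 'empty_pass', 'A new password is required.' );
    }

    // check_password_reset_key() looks up the stored, hashed key for $login,
    // verifies the supplied key against it, and enforces the expiry window.
    // It returns WP_User on success and WP_Error on any mismatch or expiry.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        return $user;
    }

    reset_password( $user, $new_pass );
    return true;
}
```

The key point for code review is that the identity check and the authorization check are separate: `get_user_by()` only proves the account exists, while `check_password_reset_key()` proves the caller holds the secret that core mailed to that account’s address. Any reset path that reaches `reset_password()` or `wp_set_password()` without the second check reproduces the flaw described above.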
The disclosure of this vulnerability follows a previous revelation of another serious flaw in the same plugin last year, which exposed users to arbitrary code execution. This latest finding arrives amidst a resurgence of attacks targeting WordPress sites, particularly those aimed at delivering the notorious SocGholish malware, which compromises sites by masquerading as browser updates.
Further complicating the security landscape, the recent campaign identified by Sucuri uses advanced evasion techniques like utilizing the zlib software library for malware concealment. As noted by Sucuri researcher Denis Sinegubko, attackers are continuously refining their tactics to extend the longevity of their campaigns while evading detection.
In an even broader context, Malwarebytes reported on a malvertising campaign that leverages adult websites to deliver deceptive popunder ads, further illustrating the diverse and evolving threats in the cybersecurity space. This campaign introduces the “in2al5d p3in4er” loader, which deploys the Aurora information stealer depending on the system environment it finds itself in.
This latest series of events highlights the ongoing exploitation of the Essential Addons for Elementor plugin, with Wordfence reporting that approximately 200 attack attempts related to this vulnerability were intercepted in a single day. The risk is particularly pronounced because the attack relies on unverified changes to user accounts, underscoring the importance for businesses of applying updates promptly and maintaining robust security measures.
For those managing WordPress sites, this incident serves as a critical reminder of the need to maintain vigilance against emerging vulnerabilities. As cyber adversaries increasingly utilize tactics from the MITRE ATT&CK framework, including initial access and privilege escalation, it is essential to implement proactive strategies for detection and remediation.