Active Exploitation of High-Severity Vulnerability in Elementor Pro

Published on 01 Apr 2023

There are reports of active exploitation of a high-severity vulnerability in Elementor Pro to redirect visitors to malicious domains, or upload backdoors to the compromised site. Elementor Pro is a WordPress page builder plugin that also features a WooCommerce builder for online shops.

Successful exploitation of the vulnerability, in combination with the WooCommerce plugin running on a site, could allow any authenticated user (such as customers or site members) to change the site's settings and even perform a complete site takeover. This is because an Asynchronous JavaScript and XML (AJAX) action of Elementor Pro does not have a proper privilege check in place.
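The bug class described above is a WordPress AJAX handler that is reachable by any logged-in account but never verifies the caller's capability before writing site options. The following is an added illustration, not Elementor Pro's code: a hypothetical handler is shown first in that vulnerable shape and then hardened with a nonce check, a capability check and an option allow-list. The hook name (`example_save_setting`), option names and request parameters are assumed for the example; the WordPress API functions (`check_ajax_referer`, `current_user_can`, `update_option`, `wp_send_json_error`, `sanitize_key`, `sanitize_text_field`, `wp_unslash`) are real and the snippet assumes it runs inside a WordPress plugin.

```php
<?php
/**
 * Added example (not Elementor Pro's code). Hook name, option names and
 * request parameters are hypothetical; the WordPress API calls are real.
 * Assumes it is loaded as part of a WordPress plugin.
 */

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_* hooks are only reachable by logged-in users, but the handler
// never asks WHICH logged-in user. A WooCommerce customer account is
// "logged in", so a subscriber-level account can write any option it names.
function example_vuln_save_setting() {
    $key   = $_POST['option_name'];   // attacker-controlled option name
    $value = $_POST['option_value'];  // attacker-controlled option value
    update_option( $key, $value );    // arbitrary options change
    wp_send_json_success();
}
// add_action( 'wp_ajax_example_save_setting', 'example_vuln_save_setting' );

// --- Hardened pattern ---------------------------------------------------
function example_safe_save_setting() {
    // 1. CSRF protection: the request must carry a nonce minted for this
    //    action (wp_create_nonce( 'example_save_setting' ) on the client side).
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_save_setting', 'nonce' );

    // 2. Authorisation: being logged in is not enough. Require the capability
    //    that actually corresponds to changing site settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // calls wp_die()
        return;
    }

    // 3. Allow-list the options this endpoint may touch, so even an
    //    administrator cannot use it as a generic "write any option" primitive.
    $allowed = array( 'example_banner_text', 'example_shop_mode' ); // hypothetical
    $key = isset( $_POST['option_name'] )
        ? sanitize_key( wp_unslash( $_POST['option_name'] ) )
        : '';
    if ( ! in_array( $key, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'unknown option' ), 400 );
        return;
    }

    // 4. Sanitize the value for its expected type before persisting it.
    $value = isset( $_POST['option_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) )
        : '';
    update_option( $key, $value );
    wp_send_json_success( array( 'option' => $key ) );
}
add_action( 'wp_ajax_example_save_setting', 'example_safe_save_setting' );
```

When reviewing a plugin for this class of flaw, look at every `wp_ajax_*` callback that reaches `update_option()` (or any other state-changing call) and confirm that both a nonce check and a `current_user_can()` check sit between the request and the write; registration on `wp_ajax_nopriv_*` without either is the same bug for unauthenticated callers.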

The vulnerability affects Elementor Pro versions 3.11.6 and earlier.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:
https://patchstack.com/articles/critical-elementor-pro-vulnerability-exploited/

https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-3-11-6-authenticated-arbitrary-options-change-vulnerability

https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-elementor-pro-wordpress-plugin-with-11m-installs/