uTalk

thrive

Member

Registered: 2023-01-04

Posts: 2,068

A New Flaw in WordPress Plugin Again.

Essential Addons for Elementor, a popular WordPress plugin, has been found to have a security flaw that could be exploited to grant users elevated privileges on vulnerable websites.

The problem has been fixed by the plugin maintainers in version 5.7 and is known as CVE-2023-32243. 2 that was delivered on May 11, 2023. With over a million active installations, Essential Addons for Elementor is widely used.

According to Patchstack researcher Rafie Muhammad, "This plugin has an unauthenticated privilege escalation vulnerability that allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site.".

As long as the malicious party knows the user's username, successful exploitation of the flaw could allow a threat actor to reset any arbitrary user's password. It is thought that the flaw has existed since version 5.4. 0.

This could have detrimental effects because the flaw could be used as a weapon to reset the password for an administrator account and seize complete control of the website.

Muhammad noted that "this vulnerability occurs because the password reset function does not validate a password reset key and instead changes the user's password directly.".

The information was made public more than a year after Patchstack found another serious flaw in the same plugin that could have been exploited to run arbitrary code on infected websites.

The findings come in the wake of the discovery of a fresh wave of attacks targeting WordPress websites since late March 2023 with the intention of introducing the infamous SocGholish (also known as FakeUpdates) malware.

As an initial access provider to facilitate the distribution of additional malware to compromised hosts, SocGholish is a persistent JavaScript malware framework. Drive-by downloads disseminated the malware under the guise of web browser updates.

In order to hide the malware, lessen its impact, and evade detection, Sucuri's most recent campaign was discovered to use compression techniques with a software library called zlib.

According to Sucuri researcher Denis Sinegubko, "bad actors are continuously evolving their tactics, techniques, and procedures to evade detection and prolong the life of their malware campaigns.".

"SocGholish malware is a prime example of this, as attackers have modified their strategy in the past to inject malicious scripts into WordPress websites that have been compromised. ".

Not just SocGholish, either. In a technical report published this week, Malwarebytes described a malvertising campaign that targets users of adult websites with popunder ads that pretend to be a fake Windows update in order to remove the "in2al5d p3in4er" (also known as Invalid Printer) loader.

Comrade

Member

From: Utopia App Client

Registered: 2022-12-30

Posts: 1,703

Re: A New Flaw in WordPress Plugin Again.

Most viruses, spyware, and other unwanted bugs can be the attack of scammers or hackers, some certain plugins might bug in other to brigded fire walls.