MalCare Stands Strong Against Attacks Exploiting the Elementor Plugin v3.18.1 RCE Vulnerability

Recently, a critical vulnerability was discovered in the Elementor plugin, the popular page-building tool for WordPress. This vulnerability posed a significant risk to the millions of websites using the plugin worldwide. Here, we detail the nature of the vulnerability and how MalCare’s state-of-the-art Atomic Security provided a timely defense for all the WordPress sites it protects.

What is the Elementor plugin vulnerability?

The free Elementor plugin is one of the most popular website page builder plugins in the WordPress ecosystem. With over 5 million active installations, Elementor has stood out as the choice of many WordPress users when it comes to designing and building their websites.

Plugin information

• Vulnerable plugin version: v3.18.1 and earlier
• Patch release version: v3.18.2 and later

About the vulnerability

On December 6, 2023, reports disclosed a severe vulnerability in the Elementor plugin. This vulnerability allowed malicious actors to perform Remote Code Execution (RCE) attacks using Elementor’s theme import functionality on websites using plugin versions 3.18.1 and earlier.

This vulnerability is an authenticated arbitrary file upload flaw. This meant that an attacker could potentially upload any file to the site, including scripts that could execute malicious operations. The attacker needed to have an account with edit post permissions, or roles, of Contributor or above on the target website. 

The vulnerability has now been patched with the release of v3.18.2 on December 8, 2023.

How is your WordPress website at risk?

WordPress sites with the Elementor plugin v3.18.1 or earlier were at risk of being hijacked by attackers who could exploit the arbitrary file upload vulnerability to upload harmful files. This was possible due to the vulnerable code that existed in the handle_elementor_upload function. This function allowed a file to be saved in a tmp directory created in Elementor’s directory on the WordPress site.

However, an attacker could craft a malicious PHP file with a name that had a path in it such that when this function tried saving this file, it would be redirected to another directory that the hacker had inserted, like wp-content/uploads. What’s more interesting is that the function did not check for the allowed file extensions until after the file had been uploaded.

Together, all this presented an opportunity for hackers to attack WordPress sites with the vulnerable Elementor plugins. Such an attack could manipulate website content, steal sensitive data, or even distribute malware to site visitors; a trifecta of threats that any website owner dreads.

Who discovered this vulnerability?

The vulnerability was initially discovered in Elementor plugin v3.17.3 by security researcher Hồng Quân on November 27, 2023. Subsequently, the Elementor team released v3.18.1 on December 6, 2023, to patch this vulnerability. Unfortunately, the patch did not address this vulnerability wholly. When the Elementor team was informed of this, they quickly released v3.18.2 on December 8, 2023, which has fully patched this issue.

MalCare’s preemptive strike: Atomic Security at work

Before Elementor could even patch the vulnerability, MalCare’s Atomic Security had already safeguarded all the sites that had MalCare installed. Through its intelligent and proactive defense mechanisms, MalCare ensured that potential exploits were neutralized, effectively placing a powerful barrier between the vulnerability and the websites it protected. This safeguarding act was made possible by MalCare’s ability to detect and block suspicious behavior indicative of exploit attempts, thereby providing continuous security.

Other ways in which MalCare protects websites

While blocking exploits of the Elementor vulnerability was crucial, it’s worth noting that MalCare’s protective suite is extensive. Besides real-time threat detection and blocking, MalCare offers:

• deep malware scanning and an automated one-click malware removal service, ensuring that any trace of a breach is swiftly dealt with,
• a built-in firewall that continuously guards against new threats, and
• regular security audits ensure that vulnerabilities are patched before they can be exploited.

In conclusion

The arbitrary file upload vulnerability in Elementor has been a sobering reminder of the constant vigilance required to keep WordPress sites secure. MalCare’s Atomic Security acted as a formidable line of defense during this crisis, and its holistic approach to site security continues to shield thousands of WordPress websites. Its intuitive design, coupled with cutting-edge technology, establishes MalCare as a top-tier solution for anyone looking to secure their online presence against the ever-evolving threats to website security.