MalCare Stands Strong Against Attacks Exploiting the Elementor Plugin v3.18.1 RCE Vulnerability

by

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Recently, a critical vulnerability was discovered in the Elementor plugin, the popular page-building tool for WordPress. This vulnerability posed a significant risk to the millions of websites using the plugin worldwide. Here, we detail the nature of the vulnerability and how MalCare’s state-of-the-art Atomic Security provided a timely defense for all the WordPress sites it protects.

What is the Elementor plugin vulnerability?

The free Elementor plugin is one of the most popular website page builder plugins in the WordPress ecosystem. With over 5 million active installations, Elementor has stood out as the choice of many WordPress users when it comes to designing and building their websites.

Elementor plugin

Plugin information

  • Vulnerable plugin version: v3.18.1 and earlier
  • Patch release version: v3.18.2 and later
Elementor plugin details

About the vulnerability

On December 6, 2023, reports disclosed a severe vulnerability in the Elementor plugin. This vulnerability allowed malicious actors to perform Remote Code Execution (RCE) attacks using Elementor’s theme import functionality on websites using plugin versions 3.18.1 and earlier.

Remote code execution attack image
Credits: wallarm.com

This vulnerability is an authenticated arbitrary file upload flaw. This meant that an attacker could potentially upload any file to the site, including scripts that could execute malicious operations. The attacker needed to have an account with edit post permissions, or roles, of Contributor or above on the target website. 

The vulnerability has now been patched with the release of v3.18.2 on December 8, 2023.

How is your WordPress website at risk?

WordPress sites with the Elementor plugin v3.18.1 or earlier were at risk of being hijacked by attackers who could exploit the arbitrary file upload vulnerability to upload harmful files. This was possible due to the vulnerable code that existed in the handle_elementor_upload function. This function allowed a file to be saved in a tmp directory created in Elementor’s directory on the WordPress site.

However, an attacker could craft a malicious PHP file with a name that had a path in it such that when this function tried saving this file, it would be redirected to another directory that the hacker had inserted, like wp-content/uploads. What’s more interesting is that the function did not check for the allowed file extensions until after the file had been uploaded.

Together, all this presented an opportunity for hackers to attack WordPress sites with the vulnerable Elementor plugins. Such an attack could manipulate website content, steal sensitive data, or even distribute malware to site visitors; a trifecta of threats that any website owner dreads.

Who discovered this vulnerability?

The vulnerability was initially discovered in Elementor plugin v3.17.3 by security researcher Hồng Quân on November 27, 2023. Subsequently, the Elementor team released v3.18.1 on December 6, 2023, to patch this vulnerability. Unfortunately, the patch did not address this vulnerability wholly. When the Elementor team was informed of this, they quickly released v3.18.2 on December 8, 2023, which has fully patched this issue.

Elementor plugin changelog

MalCare’s preemptive strike: Atomic Security at work

Before Elementor could even patch the vulnerability, MalCare’s Atomic Security had already safeguarded all the sites that had MalCare installed. Through its intelligent and proactive defense mechanisms, MalCare ensured that potential exploits were neutralized, effectively placing a powerful barrier between the vulnerability and the websites it protected. This safeguarding act was made possible by MalCare’s ability to detect and block suspicious behavior indicative of exploit attempts, thereby providing continuous security.

Other ways in which MalCare protects websites

While blocking exploits of the Elementor vulnerability was crucial, it’s worth noting that MalCare’s protective suite is extensive. Besides real-time threat detection and blocking, MalCare offers:

In conclusion

The arbitrary file upload vulnerability in Elementor has been a sobering reminder of the constant vigilance required to keep WordPress sites secure. MalCare’s Atomic Security acted as a formidable line of defense during this crisis, and its holistic approach to site security continues to shield thousands of WordPress websites. Its intuitive design, coupled with cutting-edge technology, establishes MalCare as a top-tier solution for anyone looking to secure their online presence against the ever-evolving threats to website security.

Category:

You may also like


dns hijacking
DNS Hijacking: All You Need to Know About It

Have you ever typed a familiar URL into your browser only to land on a strange, unfamiliar website? Imagine your visitors facing the same dilemma when accessing your website. They…

How to Protect Your Website from Hackers
How to Protect Your Website from Hackers

Every day, small businesses become victims of cyber attacks. Hackers break into websites, steal customer data, and damage reputations. Your website, which is vital for your business, is at risk…

What are Website Backdoors and How to Clean Them?
What are Website Backdoors and How to Clean Them?

Are you frustrated with your website getting hacked again and again, even after you’ve cleaned it each time? You’ve spent hours fixing your site, only to find that the problem…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.