MalCare Blocks 11000+ Attacks on Royal Elementor Plugin v1.3.78 RCE Vulnerability Before Patch Release

by

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

MalCare blocked more than 11000 attempts to exploit the recently discovered Royal Elementor plugin vulnerability. Our firewall protected sites for over a week before the vulnerability was patched and for more than two weeks before it was disclosed. 

This incident is a great showcase of MalCareā€™s new proactive threat defense capabilities: Atomic Security, which ensures your WordPress sites remain secure 24/7/365.

What happened

From September 29 to October 18, 2023, MalCare blocked over 11000 attempts to attack our customer sites using the Royal Elementor plugin vulnerability. These attacks originated from multiple IPs based all over the world. We also saw a tremendous spike in attack numbers once the vulnerability was disclosed publicly.

Here are the MalCare firewall stats for these attacks (as of October 18, 2023):

Royal Elementor pie chart
Royal Elementor column chart

The seriousness of these attacks was such that even a single bad request could effectively take over your entire WordPress site. Hence, we would recommend you update the Royal Elementor plugin on your WordPress site immediately.

What is the Royal Elementor WordPress plugin vulnerability

Plugin information

  • Vulnerable plugin version: v1.3.78 and earlier
  • Patch release version: v1.3.79 and later
Royal Elementor plugin
Royal Elementor plugin dashboard
Royal Elementor Addons dashboard

About the vulnerability

Royal Elementor is an extension plugin for one of the most popular WordPress page builder plugins. It contains addons, template kits, theme and WooCommerce builders, etc., with a premium version that offers even more features. It boasts a setup that allows users to design their sites without having to write a single line of code.

The vulnerability in the Royal Elementor plugin could potentially allow hackers to upload malicious files on a target websiteā€™s server, resulting in Remote Code Execution (RCE) attacks. With an active install count of more than 200,000, this plugin exposed a sizeable number of WordPress sites to the risk of being hacked.

The vulnerability has now been fixed with the release of Royal Elementor v1.3.79 on October 6, 2023.

Concerned code

If you have reason to believe that your site might have been compromised using this vulnerability, we advise you to look for the following files on your siteā€™s servers:

./wp-content/uploads/wpr-addons/forms/b1ack-N.php, where N=1,2,3, and so on

./wp-content/uploads/wpr-addons/forms/index.php

./wp-content/uploads/wpr-addons/forms/wp.php

If you find these files, take immediate action to update the Royal Elementor plugin and install MalCare to remove any traces of malware on your site.

How is your WordPress site at risk

Your WordPress site could be exposed to RCE attacks if it runs the Royal Elementor plugin v1.3.78 or earlier. These RCE attacks allow malicious actors to insert code into your site, gain access to it remotely, turn themselves into site admins, and perform activities that harm your site and expose your as well as your site visitorsā€™ data.

For example, a hacker might install a code on your site that steals information exchanged between your siteā€™s server and your usersā€™ systems. This can lead to loss of private data as well as trust in your site. Moreover, this code could slow down your site while performing its actions, resulting in dismal site delivery, disappointed users, and a fall in search rankings.

RCE attacks are also known for even graver consequences. With full access to your site, hackers could use it to:

Consequently, addressing this security issue becomes critically important.

Who discovered this vulnerability

The Royal Elementor vulnerability was discovered by WPScan researcher Fioravante Souza on October 3, 2023. Subsequently, WP Royal, the developer of the Royal Elementor plugin, was informed and a patch was released to address this vulnerability for all users on October 6, 2023.

Royal Elementor plugin changelog

How MalCareā€™s Atomic Security prevented these hacks

Vulnerabilities pose a risk even before they surface. If they are unearthed by responsible security experts, they can be expected to inform the plugin developers so that a patch can be quickly created. However, if malicious actors find them, potential exploitation of sites is a scary possibility.

Now, virtual patching, while useful in certain scenarios, often falls short. It reacts to threats rather than proactively preventing them, leaning towards a defensive approach instead of a proactive one. As a result, website owners have to rely on the diligence of a firewall provider to release patches in time.

Any time gap between discovering a vulnerability and its patching leaves sites exposed during this interim period. Furthermore, virtual patching serves as a temporary fix for each vulnerability rather than providing a long-term solution.

Concurrently, generic firewalls are toothless when it comes to these vulnerabilities. Their protection, as the name suggests, is quite generic. Addressing these issues requires WordPress-specific rules, something that these firewalls do not possess.

This is where MalCareā€™s Atomic Security comes in. Its intelligent algorithms and smart rulesets identify patterns in vulnerabilities and stop attacks in their tracks. As a result, vulnerabilities are defended even before plugin developers fix them, as in this case. Together with MalCareā€™s strong malware-checking features, Atomic Security is a superb defender for your WordPress site.

How else does MalCare protect WordPress sites

Atomic Security is just the beginning of MalCareā€™s holistic approach to protecting WordPress sites. MalCare also:

  • scans your site daily and automatically to detect any malware at the earliest
  • uses its strong malware removal utility to eradicate any malicious code that may have found its way into your site
  • proactively alerts upon finding vulnerabilities in plugins and themes on your site so that you can address them right away
  • provides robust protection against bots to ensure an overall faster site
  • adds automatic, offsite backups to form a wholesome security net for your site

You may also like


wordpress permalinks not working error feature image
7 Ways to Fix WordPress Permalinks Not Working

Permalinks are the human-friendly URLs you see on WordPress sites. They help people find pages and posts easily. They keep things clear and tidy. They are like street signs for…

php.ini wordpress file
A Complete Guide to the php.ini WordPress File

Is your WordPress site running slowly or showing strange errors? Are you experiencing performance issues on your site and want solutions? From malware attacks to your site running out of…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.