Over five million WordPress sites could be vulnerable to a file upload vulnerability in the Elementor website builder plugin.
An authenticated user could upload a file and execute it, granting code execution on the server.
Check the running version of Elementor from the WordPress Plugins page of the dashboard.
Elementor version 3.6.0.
Containment, Mitigations & Remediations
Update to version 3.6.3.
The researchers who published the advisory note that, aside from this specific vulnerability, the plugin does not seem well written, so it might be best not to use it at all.
If the provided functionality is required, then a web application firewall (WAF) could help mitigate some types of attack.
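Where many sites share a host, the version check can be done on disk instead of through each dashboard. The following is an added example, not code from the advisory or from Elementor: it assumes the default plugin path `wp-content/plugins/elementor/elementor.php` and the standard WordPress `Version:` plugin header, and the status labels and sample installs are constructed for illustration.

```python
import os
import re
import tempfile

FIXED = (3, 6, 3)  # version the advisory says to update to
NAMED = (3, 6, 0)  # affected version named in the advisory
# Assumption: default plugin path relative to each WordPress root.
PLUGIN_FILE = os.path.join("wp-content", "plugins", "elementor", "elementor.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def read_version(path):
    """Return the plugin header version as a tuple, or None if absent."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # WordPress reads headers from the first 8 KB
    m = VERSION_RE.search(head)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version):
    if version is None:
        return "unknown"
    if version == NAMED:
        return "affected"
    return "below-fixed" if version < FIXED else "ok"

def audit(root):
    """Walk root; return {relative_site_dir: (version, status)}."""
    results = {}
    for dirpath, dirnames, _ in os.walk(root):
        candidate = os.path.join(dirpath, PLUGIN_FILE)
        if os.path.isfile(candidate):
            version = read_version(candidate)
            results[os.path.relpath(dirpath, root)] = (version, classify(version))
            dirnames[:] = []  # do not descend into a site already matched
    return results

def demo():
    """Build constructed sample installs in a temp dir and audit them."""
    root = tempfile.mkdtemp()
    headers = {"site-a": "Version: 3.6.0", "site-b": "Version: 3.6.3",
               "site-c": "Version: 3.5", "site-d": "no header here"}
    for site, line in headers.items():
        path = os.path.join(root, site, PLUGIN_FILE)
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("<?php\n/**\n * Plugin Name: Elementor\n * %s\n */\n" % line)
    return audit(root)

if __name__ == "__main__":
    print(sorted(demo().items()))
```

Point `audit()` at the directory that holds the WordPress roots. An `unknown` result means the header could not be parsed and the install needs a manual check.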
Indicators of Compromise
Malicious actors can be detected scanning for vulnerable servers by looking in HTTP logs for the following file:
That doesn’t indicate a successful attack, however.
Third-party WordPress plugins are commonly found to be vulnerable and there doesn’t seem to be a lot of effort put into securing them. WordPress is a particularly targeted platform due to its widespread use. This third-party plugin is currently running on over 5 million servers, making it a desirable target for botnet creators.
T1068 – Exploitation for Privilege Escalation