A million WordPress sites are at risk due to plugin vulnerability

Complete WordPress site takeover a real possibility, experts warn

A security flaw in a popular plugin made it possible for malicious actors to compromise more than a million WordPress websites, experts have reported.

According to the Wordfence Threat Intelligence team, a vulnerability in the Starter Templates - Elementor, Gutenberg & Beaver Builder Templates plugin allowed contributor-level users to completely overwrite any page on the site and embed malicious JavaScript at will.

The vulnerability was discovered on October 4 and patched three days later, on October 7, with all users (particularly those running versions 2.7.0 and older) now advised to update the plugin to at least version 2.7.5.

The WordPress plugin allows site owners to integrate prebuilt templates for other website builders, such as Elementor. For sites with this builder installed, Wordfence explains by way of example, it was possible for users with the edit_post capability (such as contributors) to import blocks onto pages through the astra-page-elementor-batch-process AJAX action.

Site takeover a possibility

The elementor_batch_process function associated with this action does perform a nonce check, the researchers further explain, but this was a weak gateway, as the required ajax_nonce was also available to contributors in the page source of the WordPress dashboard.

In theory, a malicious actor could create and host a block containing malicious JavaScript on a server, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the URL parameter pointing to the remotely hosted malicious block.

Consequently, the malicious JavaScript could get executed in the visitor’s browser.
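The root cause described above is a classic one: a nonce is an anti-CSRF token, not an authorization check, so gating a privileged action on a nonce that every dashboard user can read proves nothing about whether the caller may edit the target post. The following is an added illustration written for this article, not the plugin's own code or its actual patch: a generic WordPress AJAX import handler in its weak form beside a hardened form. The function names, the `demo_batch_process` action, the `demo_batch_nonce` action string, the `templates.example.com` allowlist host and the `id`/`url` request fields are all hypothetical; the WordPress API calls (`check_ajax_referer`, `current_user_can`, `wp_safe_remote_get`, `wp_kses_post`, and so on) are real.

```php
<?php
// Added example, not the Starter Templates plugin's code. All function and
// action names here are hypothetical; only the WordPress API calls are real.

// --- Weak pattern: the nonce is the only gate --------------------------------
// A nonce shows the request originated from a page that rendered that nonce.
// It does not show the caller is allowed to edit the target post, and any
// logged-in user who can view the dashboard source can obtain it.
function demo_import_block_weak() {
    check_ajax_referer( 'demo_batch_nonce', '_ajax_nonce' ); // CSRF check only

    $post_id = absint( $_POST['id'] ?? 0 );
    $url     = wp_unslash( $_POST['url'] ?? '' );

    $response = wp_remote_get( $url );                      // any host accepted
    $content  = wp_remote_retrieve_body( $response );       // stored unfiltered
    wp_update_post( array( 'ID' => $post_id, 'post_content' => $content ) ); // any post
    wp_send_json_success();
}

// --- Hardened pattern --------------------------------------------------------
function demo_import_block_hardened() {
    check_ajax_referer( 'demo_batch_nonce', '_ajax_nonce' ); // still needed for CSRF

    $post_id = absint( $_POST['id'] ?? 0 );
    $url     = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );

    // 1. Authorization: the caller must be allowed to edit *this* post.
    //    A contributor passes this for their own drafts only, not for
    //    published pages or other users' content.
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. Only fetch template content from the vendor's host
    //    (hypothetical allowlist); refuse arbitrary remote sources.
    $allowed_hosts = array( 'templates.example.com' );
    $host          = wp_parse_url( $url, PHP_URL_HOST );
    if ( ! wp_http_validate_url( $url ) || ! in_array( $host, $allowed_hosts, true ) ) {
        wp_send_json_error( 'untrusted template source', 400 );
    }

    // wp_safe_remote_get also rejects redirects to disallowed destinations.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'template fetch failed', 502 );
    }

    // 3. Filter the imported markup explicitly (script tags and event
    //    handlers are stripped) instead of assuming the save path does it.
    $content = wp_kses_post( wp_remote_retrieve_body( $response ) );
    wp_update_post( array( 'ID' => $post_id, 'post_content' => $content ) );
    wp_send_json_success();
}

// Register the hardened handler for logged-in users. Deliberately no
// wp_ajax_nopriv_ registration: anonymous visitors get no entry point.
add_action( 'wp_ajax_demo_batch_process', 'demo_import_block_hardened' );
```

The three added checks map to the three things the article says went wrong: the handler did not verify the caller's right to the specific post, it accepted an attacker-controlled URL, and it stored whatever came back. When reviewing a plugin's AJAX handlers, look for every `wp_ajax_` registration and confirm each one pairs its nonce check with a `current_user_can` check against the concrete object being modified.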

There are numerous use cases for the flaw, Wordfence says, including redirecting users to a malicious website, hijacking an admin session to create new admins, or adding a backdoor to the site, which could lead to complete site takeover.

With the latter being a high-level threat, Wordfence recommends that all affected users spread the word and raise awareness of the vulnerability.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.