CVE-2023-41955: Privilege escalation in WordPress Elementor plugin affects 1M sites
A critical vulnerability has been discovered in one of the most popular Elementor add-on plugins for WordPress, Essential Addons for Elementor. The flaw could allow remote attackers to gain administrator privileges on affected sites, giving them full control over the website.
For those not in the know, Essential Addons for Elementor is not just any ordinary WordPress plugin. It’s a behemoth, boasting a suite of 90 extensions designed exclusively for the Elementor page builder. This impressive tool has cemented its place in over one million WordPress installations, helping users craft beautiful websites with ease.
Unearthed by Patchstack on September 15, 2023, the flaw, cataloged as CVE-2023-41955, could allow a user with mere ‘Contributor’ rights to escalate to a far more powerful role.
The plugin allows users to create custom registration forms. Sounds harmless, right? Yet this feature was the chink in the armor. The form builder lets whoever creates the form choose the role that newly registered accounts receive, and the plugin did not check whether that person was allowed to assign roles. A contributor, normally limited to writing unpublished posts, could therefore build a registration form that hands out any role, including administrator.
With such a form in place, a contributor could essentially crown themselves as an administrator of the website by registering a new account through it. And with that role comes access to every nook and cranny.
The consequences of the CVE-2023-41955 vulnerability are significant. An attacker with administrator privileges could do anything they want to the website, including:
- Stealing user data, such as passwords and credit card numbers
- Defacing or deleting the website
- Installing malware on the website to infect visitors
- Using the website to launch further attacks against other targets
The fix adds checks on the registration role field so that only administrators can configure the role a registration form assigns. All users of Essential Addons for Elementor are urged to update to the latest version of the plugin, version 5.8.9, as soon as possible. This version fixes the privilege escalation vulnerability.
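To make the weak spot and the fix concrete, here is an added illustration in PHP of the pattern described above: a registration-form handler that trusts a role stored in the form's settings, next to a hardened version that honours that role only when the form's author is allowed to assign roles. This is example code written for this article, not Essential Addons' own source; the `demo_` functions, the `register_user_role` setting name and the `$form_author_id` parameter are hypothetical, and the WordPress runtime functions it calls (`wp_insert_user`, `user_can`, `wp_roles`, `get_option`) are assumed to be available.

```php
<?php
// Added example, not the plugin's code. Assumes a WordPress runtime.
// A constructed widget configuration as a Contributor could save it
// when building a registration form in the page builder.
$demo_settings = array(
    'register_user_role' => 'administrator', // chosen by the form's creator
);

// A constructed submission from the public registration form.
$demo_submission = array(
    'username' => 'newuser',
    'email'    => 'newuser@example.com',
    'password' => 'correct horse battery staple',
);

/**
 * VULNERABLE pattern: the role saved in the widget settings is applied
 * verbatim to every account the form creates, regardless of who built
 * the form. A Contributor who saved 'administrator' above gets an admin
 * account simply by registering through their own form.
 */
function demo_register_vulnerable( array $settings, array $submission ) {
    $role = ! empty( $settings['register_user_role'] )
        ? $settings['register_user_role']
        : get_option( 'default_role' );

    return wp_insert_user( array(
        'user_login' => sanitize_user( $submission['username'] ),
        'user_email' => sanitize_email( $submission['email'] ),
        'user_pass'  => $submission['password'],
        'role'       => $role, // attacker-controlled
    ) );
}

/**
 * Hardened pattern: decide the role server-side. The configured role is
 * used only if (a) the account that authored the form may assign roles,
 * (b) the role actually exists, and (c) it is not 'administrator', which
 * should never be handed out through self-registration. Otherwise the
 * site's default role (normally 'subscriber') is used.
 */
function demo_resolve_role( array $settings, int $form_author_id ) {
    $default   = get_option( 'default_role' );
    $requested = isset( $settings['register_user_role'] )
        ? sanitize_key( $settings['register_user_role'] )
        : '';

    if ( '' === $requested || $requested === $default ) {
        return $default;
    }
    // Only users who can promote others (administrators by default)
    // may configure a non-default role on a registration form.
    if ( ! user_can( $form_author_id, 'promote_users' ) ) {
        return $default;
    }
    if ( 'administrator' === $requested || ! wp_roles()->is_role( $requested ) ) {
        return $default;
    }
    return $requested;
}

function demo_register_hardened( array $settings, array $submission, int $form_author_id ) {
    return wp_insert_user( array(
        'user_login' => sanitize_user( $submission['username'] ),
        'user_email' => sanitize_email( $submission['email'] ),
        'user_pass'  => $submission['password'],
        'role'       => demo_resolve_role( $settings, $form_author_id ),
    ) );
}

// Usage: $form_author_id is the ID of the user who saved the form (for an
// Elementor widget, the post author). For a Contributor-authored form the
// hardened path ignores 'administrator' and falls back to the default role.
$form_author_id = 42; // hypothetical Contributor account
$result = demo_register_hardened( $demo_settings, $demo_submission, $form_author_id );
```

The same capability check belongs at save time as well: when the widget's role control is stored, reject any non-default value unless `current_user_can( 'promote_users' )`, so a low-privileged editor cannot even persist the setting. Checking at both points means a stale or tampered widget configuration cannot be cashed in later.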
In addition to updating the plugin, WordPress site owners can also take the following steps to protect their sites from this vulnerability:
- Keep WordPress and all plugins up to date with the latest security patches
- Use a password manager to create and store strong, unique passwords for all of your WordPress accounts
- Enable two-factor authentication (2FA) on all of your WordPress accounts
- Regularly scan your website for malware and vulnerabilities