
Elementor Plugin Vulnerability 2023: How to Safeguard Your WordPress


Your website’s security is of the utmost importance in the digital age because even a small flaw can let hackers access your site and cause data breaches.

Recently, a vulnerability in the WordPress Elementor Plugin has come to light, and website owners must understand and address it.


The Vulnerability Unveiled

The CVE-2023-32243 vulnerability affects the Essential Addons for Elementor plugin, versions 5.4.0 to 5.7.1.

This flaw allows unauthenticated attackers to reset the passwords of administrator accounts, giving them control over the affected websites. 

The cybersecurity firm Patchstack discovered this flaw on March 18th, 2023, and the vendor promptly released a fix in the plugin’s version 5.7.2 on May 11th.

The Exploitation: A Closer Look

The exploitation of this vulnerability escalated dramatically after a proof-of-concept (PoC) exploit was published on GitHub. 

Cybersecurity researchers observed millions of probing attempts for the presence of the vulnerable plugin on websites. 

The IP addresses ‘185.496.220.26’ and ‘185.244.175.65’ were identified as the primary sources of these requests.

Securing Your Website

To mitigate this vulnerability, updating the plugin to version 5.7.2 or later is crucial. 

Additionally, administrators should add the offending IP addresses to a blocklist, using the indicators of compromise listed in Wordfence’s report.

Update from Elementor

Elementor has confirmed the security vulnerability in Elementor Pro and has resolved the issue in version 3.11.7. 

If you have an older version of Elementor Pro (3.11.6 or older) AND WooCommerce installed on your website, you may be exposed to this security vulnerability.

Elementor recommends updating your website to the latest versions of Elementor and Elementor Pro.

Frequently Asked Questions

Is the Elementor plugin safe?

The Elementor plugin is safe to use, especially if you keep it updated. The recent vulnerability has been resolved in version 3.11.7.

Does the plugin Elementor Pro have a security vulnerability? 

A security vulnerability was identified in Elementor Pro versions 3.11.6 and older. This vulnerability has been resolved in version 3.11.7.

What is the vulnerability of the Elementor Pro WordPress plugin? Is it fixed?

The vulnerability, known as CVE-2023-32243, allowed unauthenticated attackers to reset the passwords of administrator accounts, effectively granting them control over the affected websites. 

This vulnerability has been fixed in version 3.11.7.

What is the essential add-on vulnerability for Elementor?

The Essential Addons for Elementor plugin versions 5.4.0 to 5.7.1 had a vulnerability that allowed unauthenticated attackers to reset the passwords of administrator accounts. This vulnerability has been fixed in version 3.11.7.

Which plugin is better than Elementor?

The choice of a plugin depends on your specific needs. While Elementor is a popular choice due to its flexibility and ease of use, other plugins like Beaver Builder, Divi, and Thrive Architect also offer robust features.

Should I use Elementor Pro or not?

Elementor Pro is a powerful tool for building websites, but it’s important to keep it updated for security reasons. 

The recent vulnerability has been resolved in version 3.11.7, making it safe to use.

When was the Elementor plugin vulnerability reported?

The Elementor plugin vulnerability was reported to Elementor on March 18th, 2023.

What is the code found vulnerable? How can I verify or edit it?

The sources do not explicitly mention the specific code found vulnerable. However, the vulnerability was related to the Essential Addons for Elementor plugin versions 5.4.0 to 5.7.1. 

To verify if your site is affected, check your WordPress users list to see if any new unknown user has registered, especially if you control who registers to your site.
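The two checks the article recommends, confirming whether the installed Essential Addons version falls inside the affected 5.4.0 to 5.7.1 range and reviewing the users list for administrator accounts created after the disclosure date, can be scripted. The following is an added example and not code from the article, Wordfence or Patchstack; it assumes the users list was exported with WP-CLI (`wp user list --format=json`) and that its records carry `user_login`, `user_registered` and a comma-separated `roles` field.

```python
"""Triage helper for CVE-2023-32243 (Essential Addons for Elementor)."""
from datetime import datetime

# Version range the article gives as affected (inclusive).
AFFECTED_MIN = (5, 4, 0)
AFFECTED_MAX = (5, 7, 1)
# Day the flaw was reported, per the article.
DISCLOSURE_DATE = datetime(2023, 3, 18)


def parse_version(text):
    """Turn '5.7.1' into (5, 7, 1) so comparison is numeric, not lexical.
    A plain string compare would wrongly rank '5.7.10' below '5.7.2'."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version_text):
    """True when the installed version sits inside 5.4.0..5.7.1 inclusive."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


def suspicious_admins(users, since=DISCLOSURE_DATE):
    """Return administrator logins registered on or after `since`.
    `users` is a list of dicts shaped like `wp user list --format=json`
    output (assumed field names: user_login, user_registered, roles)."""
    flagged = []
    for u in users:
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in u["roles"].split(",") and registered >= since:
            flagged.append(u["user_login"])
    return flagged


# Constructed sample records for the stand-alone run; not real site output.
SAMPLE_USERS = [
    {"user_login": "owner", "user_registered": "2021-06-01 09:00:00", "roles": "administrator"},
    {"user_login": "editor1", "user_registered": "2023-05-20 10:00:00", "roles": "editor"},
    {"user_login": "wpadm1n", "user_registered": "2023-05-19 03:12:44", "roles": "administrator"},
]

if __name__ == "__main__":
    for v in ("5.3.9", "5.4.0", "5.7.1", "5.7.2", "5.7.10"):
        print(v, "affected" if is_affected(v) else "not affected")
    print("admins to review:", suspicious_admins(SAMPLE_USERS))
```

Accounts the script flags still need a human decision; a recently created administrator is only unexpected if nobody on the team created it.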

What is the manual fix for this?

The manual fix for this vulnerability is to update your Elementor and Elementor Pro plugins in your WordPress website to the latest available version. 

If your site is affected, you should restore a clean website backup. If you have an Elementor Hosting plan, you can follow this guide. Otherwise

Conclusion

In cybersecurity, staying updated is not just an option; it’s a necessity. The recent vulnerability in the WordPress Elementor Plugin is a stark reminder of this fact. 

By keeping your plugins updated and maintaining vigilance over your website’s security, you can ensure that your site remains secure against such threats.