A newly discovered vulnerability in the Essential Addons for Elementor plugin has put over one million WordPress websites at risk of attacks aimed at gaining unauthorized access to user accounts with elevated privileges.
“This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site,” reads the technical write-up.
Patchstack further explained that by exploiting this vulnerability, attackers could reset the password of any user simply by knowing their username, thereby gaining unauthorized access to user accounts, including those with administrative privileges.
“This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user,” Patchstack wrote.
The company clarified that the flaw was addressed in version 5.7.2, released on on May 11, just days after Patchstack contacted the plugin vendor on May 8.
“Since we’ve detected that third parties have had access to the vulnerability information via monitoring the changelog and have made the issue public, we’ve decided to disclose the vulnerability early,” reads the advisory.
At the same time, Patchstack clarified that, while the patch addresses the specific vulnerability that was identified, the software can have multiple vulnerabilities and new vulnerabilities may arise in the future.
To this end, system administrators should implement additional security practices such as access control, nonce checks and utilize functions like check_password_reset_key, which verifies the validity and expiration of a password reset key, ensuring secure password reset processes.
The recent advisory from Patchstack comes a few months after security experts strongly urged users of a popular WordPress plugin to immediately update their installations.
Editorial image credit: monticello / Shutterstock.com