Critical flaw in popular WordPress plugin exploited in the wild

Cybersecurity specialists have reported a critical flaw in The Plus Addons for Elementor plugin that could allow threat actors to take full control of a WordPress website. According to Wordfence experts, this zero-day flaw has already been exploited in the wild.

The affected plugin is a premium add-on designed to add multiple widgets and extend the functionality of Elementor, one of the most popular plugins for the WordPress content management system (CMS).

The problem lies in one of the added widgets, which provides the ability to insert user login and registration forms into the pages where Elementor is used. A configuration error allows threat actors to create new user accounts with administrator permissions on the vulnerable website and even log in as an existing user.

As a security measure, experts recommend that users immediately deactivate and remove the affected plugin, at least until the developers release a fix. In addition, all sign-up or login widgets added by The Plus Addons must be removed.

Moreover, the report mentions that the free version of this plugin (The Plus Addons Lite) is not affected by this flaw, so switching to that version can also mitigate the risk of exploitation until the release of official security patches.

Still, Wordfence researchers note that the risk will remain present until the necessary fixes are applied: “The flaw can be exploited even if the affected website does not include a login page or activity log, so any site with The Plus Addons is vulnerable.”

Experts concluded their report by reiterating that the flaw is being actively exploited, so they cannot reveal further technical details about the vulnerability or attack: “We believe that threat actors add user accounts using email addresses registered on these websites to install malicious plugins like wpstaff. We reiterate that website administrators review their infrastructure for some indicator of engagement to take the necessary action in the event of an attack.”
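One way to carry out the review described above, as an added example that is not part of the original report: the script flags administrator accounts and plugins the site owner does not recognize. The CSV text is constructed in the shape of WP-CLI `wp user list` and `wp plugin list` output; the account names, dates and allowlists are hypothetical, and the slug `wpstaff` is assumed to match the plugin name in the quote.

```python
import csv
import io
from datetime import datetime

# Constructed sample of:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
USERS_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2019-04-02 09:15:00
7,anna,anna@example.com,2020-11-20 14:03:11
23,wp_support,support@example.net,2021-03-06 02:41:57
"""

# Constructed sample of: wp plugin list --fields=name,status --format=csv
PLUGINS_CSV = """name,status
elementor,active
example-forms,inactive
wpstaff,active
"""

def suspicious_admins(users_csv, known_admins, not_before):
    """Admins the owner does not recognize or that were created recently."""
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        reasons = []
        if row["user_login"] not in known_admins:
            reasons.append("not on known-admin list")
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= not_before:
            reasons.append("registered " + row["user_registered"])
        if reasons:
            findings.append((row["user_login"], reasons))
    return findings

def unexpected_plugins(plugins_csv, approved):
    """Installed plugins, active or not, missing from the approved list."""
    return [row["name"] for row in csv.DictReader(io.StringIO(plugins_csv))
            if row["name"] not in approved]

if __name__ == "__main__":
    cutoff = datetime(2021, 3, 1)  # constructed review window, not from the report
    for login, reasons in suspicious_admins(USERS_CSV, {"siteowner", "anna"}, cutoff):
        print("ADMIN", login, "; ".join(reasons))
    for name in unexpected_plugins(PLUGINS_CSV, {"elementor", "example-forms"}):
        print("PLUGIN", name)
```
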
