Subj : One of the most popular WordPress plugins has a serious security
To   : All
From : TechnologyDaily
Date : Fri May 12 2023 14:15:03

One of the most popular WordPress plugins has a serious security flaw

Date:
Fri, 12 May 2023 12:56:33 +0000

Description:
An Elementor library, used by a million WordPress websites, allowed attackers 
to reset anyone's password.

FULL STORY
======================================================================

A hugely popular plugin for the WordPress website builder was carrying a 
high-severity flaw that could have allowed threat actors to take full control 
of the target website, experts have found. 

Cybersecurity researchers from PatchStack discovered a flaw in the Essential 
Addons for Elementor plugin - a library for the Elementor page builder, 
consisting of 90 different extensions. 

The team claims more than a million WordPress sites have the library 
installed. Stealing the website 

The flaw, which has since been patched, is being tracked as CVE-2023-32243, 
and its described as an unauthenticated privilege escalation flaw on the 
password reset functionality. All versions from 5.4.0 up to 5.7.1 are 
vulnerable, the researchers are saying. Apparently, a threat actor could, 
with relative ease, reset the password of an admin account, assume control, 
and thus take over the entire website. 

It is possible to reset the password of any user as long as we know their 
username, thus being able to reset the password of the administrator and 
login on their account," PatchStack said. "This vulnerability occurs because 
this password reset function does not validate a password reset key and 
instead directly changes the password of the given user." Read more 

> WordPress plugin exposes half a million sites to attack 


 > Elementor website builder review 


 > Check out the best website builders out there 

When a malicious actor takes control of a website, there are a number of 
things they could do, from stealing sensitive information and engaging in 
identity theft, to distributing malware and engaging in ad fraud. 

Prior to exploiting the flaw, the attackers need to know a couple of things, 
including the username of the systems admin. They also need to set a random 
value in POST 'page_id' and 'widget_id' inputs, as otherwise, the plugin 
would report an error to the actual admin. Furthermore, thes must provide the 
correct nonce value on the 'eael-resetpassword-nonce' as that validates the 
password reset and sets a new password on the 'eael-pass1' and 'eael-pass2' 
parameters. 

If youre using Essential Addons for Elementor, make sure to bring it up to 
version 5.7.2. These are the best WordPress hosting services right now 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/one-of-the-most-popular-wordpress-plugins-has-a
-serious-security-flaw


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.