Hackers are exploiting a critical vulnerability in Elementor Pro, a popular WordPress page-builder plugin that lets users build professional-looking sites without writing code. The vulnerability was discovered by Jerome Bruandet, a security researcher with NinTechNet.
WordPress Vulnerability to Redirect Visitors to Malicious Domains
A report from the security firm PatchStack says that the Elementor Pro vulnerability is letting hackers redirect visitors to malicious domains or upload backdoors to the breached site. A backdoor gives the attacker full access to the WordPress site, whether to steal data or to install additional malicious code.
Bruandet explained the details in a technical writeup: "An authenticated attacker can leverage the vulnerability to create an administrator account by enabling registration and setting the default role to 'administrator', change the administrator email address, or redirect all traffic to an external malicious website by changing siteurl among many other possibilities."
How to Protect Yourself From Becoming a Victim?
If your site uses Elementor Pro, upgrade to version 3.11.7 or later (the latest available is 3.12.0) as soon as possible: the vulnerability affects v3.11.6 and all versions before it, and hackers are already targeting vulnerable websites. According to PatchStack, most attacks on vulnerable websites originate from three IP addresses, 193.169.194.63, 193.169.195.64 and 194.135.30.6, so adding those to a blocklist is recommended.
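As an added example (not code from the article, from Elementor, PatchStack or NinTechNet), the helper below does the two checks a site owner would want after reading this: whether the installed Elementor Pro version is older than the fixed release 3.11.7, and whether the WordPress options the quoted writeup says an attacker would change (users_can_register, default_role, siteurl, admin_email) look tampered with. The option values and the expected baselines are constructed sample data, and the URL and e-mail in them are placeholders, not real indicators.

```python
"""Audit helper for the Elementor Pro issue described above (added example)."""

FIXED_VERSION = (3, 11, 7)  # first fixed release named in the article


def parse_version(v: str) -> tuple:
    """Turn '3.11.6' into (3, 11, 6) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable_version(installed: str) -> bool:
    """True when Elementor Pro is older than 3.11.7 (3.11.6 and everything before it)."""
    return parse_version(installed) < FIXED_VERSION


def audit_options(options: dict, expected_siteurl: str, expected_admin_email: str) -> list:
    """Return findings for option values matching the post-exploitation changes the
    writeup quotes; an empty list means none of those signs are present."""
    findings = []
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("users_can_register is enabled")
    if options.get("default_role") == "administrator":
        findings.append("default_role for new users is 'administrator'")
    if options.get("siteurl") != expected_siteurl:
        findings.append(f"siteurl changed to {options.get('siteurl')!r}")
    if options.get("admin_email") != expected_admin_email:
        findings.append(f"admin_email changed to {options.get('admin_email')!r}")
    return findings


# Constructed sample: a site still on 3.11.6 whose options have been altered.
# Both values below are placeholders, not indicators taken from the article.
SAMPLE_OPTIONS = {
    "users_can_register": "1",
    "default_role": "administrator",
    "siteurl": "https://redirect.example.invalid",
    "admin_email": "attacker@example.invalid",
}

if __name__ == "__main__":
    print("vulnerable version:", is_vulnerable_version("3.11.6"))
    for f in audit_options(SAMPLE_OPTIONS, "https://shop.example.com", "owner@example.com"):
        print("finding:", f)
```

On a real site the option values would come from the wp_options table (for example via WP-CLI's `wp option get`), with the baselines taken from a known-good backup.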