WordPress is one of the most popular content management
systems (CMS) in the world. It is not an exaggeration to say
that WordPress has changed the internet.
It is estimated that over 75 million websites use WordPress.
This includes sites run by individuals, small businesses, and
large corporations. WordPress has also been translated into
over 70 languages, making it accessible to people all over the
world.
The impact of WordPress goes beyond just its popularity. It
has also had a significant impact on the web development
industry as a whole, democratizing website building and making
it accessible to anyone with an internet connection.
That being said, WordPress also has a dark side 😈.
Since 2012, researchers in the Georgia Tech Cyber Forensics
Innovation Laboratory (CyFI Lab) have uncovered 47,337
malicious plugins across 24,931 unique WordPress websites.
They found that every compromised website in their dataset
carried two or more infected plugins, and that 94% of those
plugins were still actively infected at the time of the study.
There are many third-party plugins available to extend the
functionality of WordPress, too many of them 🤐.
This page discusses one of them, the Elementor plugin
(versions 3.6.0 - 3.6.2), which handled its AJAX requests in an
insecure way.
The plugin protects those requests with a nonce, but the nonce
is written into the source of the wp-admin dashboard for every
logged-in user, so any authenticated user can read it. A nonce
only ties a request to a session; it does not establish that
the session is allowed to perform the action.
The AJAX actions are then run without any capability check, so
any authenticated user, a subscriber included, can reach several
functions, among them upload_and_install_pro. That function
accepts an uploaded .zip archive and only verifies that its
plugin labels and header identify it as the Elementor Pro
plugin. Because the attacker controls the archive, it can carry
any PHP code as long as those labels and headers look correct;
once installed, that code runs on the server, giving the
attacker a web shell or any other action the web server user
can perform.
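The two halves of the problem described above, a nonce that every logged-in user can read and an AJAX action that never asks who is calling, as an added example that is not Elementor's code or Wordfence's proof of concept: a toy onboarding module written in the vulnerable shape, followed by a hardened version of the same handler. The plugin slug "demo-builder", the demo_* function names, the AJAX action names, the 'demo_onboarding' nonce action and the expected header name are all assumptions made for illustration.

```php
<?php
/*
 * Added example, not Elementor's own code: a toy onboarding module in the
 * shape the text describes, beside a hardened version of the same handler.
 * The demo_* names, action names, the 'demo_onboarding' nonce action and the
 * expected "Demo Builder Pro" header are assumptions for illustration.
 */

// Printed into every wp-admin page, so any logged-in user can read the nonce
// straight out of the page source. A nonce ties a request to a session; it
// says nothing about whether that session may install plugins.
add_action( 'admin_enqueue_scripts', 'demo_enqueue_onboarding' );
function demo_enqueue_onboarding() {
    wp_enqueue_script( 'demo-onboarding', plugins_url( 'onboarding.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'demo-onboarding', 'demoOnboarding', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_onboarding' ),
    ) );
}

// ---- Vulnerable shape ------------------------------------------------------
// Hooked on wp_ajax_ only (not wp_ajax_nopriv_), so the caller must be logged
// in, but a subscriber qualifies.
add_action( 'wp_ajax_demo_upload_and_install_pro', 'demo_vulnerable_upload_and_install_pro' );
function demo_vulnerable_upload_and_install_pro() {
    check_ajax_referer( 'demo_onboarding', '_nonce' ); // the only gate

    $file = isset( $_FILES['zip_file'] ) ? $_FILES['zip_file'] : null;
    if ( ! $file || UPLOAD_ERR_OK !== $file['error'] ) {
        wp_send_json_error( 'No archive uploaded.' );
    }

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    // Plugin_Upgrader::install() unzips the archive into wp-content/plugins.
    // Nothing here looks at what else the archive contains, so attacker PHP
    // lands on disk under the web root.
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $file['tmp_name'] );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( 'Install failed.' );
    }

    // Header check: the attacker wrote the header, so this is a format test,
    // not an authorization test. Any archive with the right "Plugin Name:"
    // line passes.
    $plugin_file = $upgrader->plugin_info();
    $data        = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin_file, false, false );
    if ( 'Demo Builder Pro' !== $data['Name'] ) {
        wp_send_json_error( 'Not a Demo Builder Pro package.' );
    }
    activate_plugin( $plugin_file ); // attacker code now runs on every request
    wp_send_json_success();
}

// ---- Hardened shape --------------------------------------------------------
add_action( 'wp_ajax_demo_upload_and_install_pro_fixed', 'demo_hardened_upload_and_install_pro' );
function demo_hardened_upload_and_install_pro() {
    check_ajax_referer( 'demo_onboarding', '_nonce' );

    // Authorization, not just CSRF protection. install_plugins goes through
    // map_meta_cap(), so it is also denied when DISALLOW_FILE_MODS is set and
    // on multisite for anyone but a super admin.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'You are not allowed to install plugins.', 403 );
    }

    $file = isset( $_FILES['zip_file'] ) ? $_FILES['zip_file'] : null;
    if ( ! $file || UPLOAD_ERR_OK !== $file['error'] ) {
        wp_send_json_error( 'No archive uploaded.', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    // Let core validate the upload (size, extension/MIME agreement) and move
    // it out of the PHP temp dir. Only zip archives are accepted here.
    $upload = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => array( 'zip' => 'application/zip' ),
    ) );
    if ( isset( $upload['error'] ) ) {
        wp_send_json_error( $upload['error'], 400 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $upload['file'] );
    @unlink( $upload['file'] ); // do not leave the archive in wp-content/uploads

    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( 'Install failed.', 500 );
    }
    // No automatic activation: an administrator reviews the installed package
    // on the Plugins screen before any of its code executes.
    wp_send_json_success( array( 'plugin' => $upgrader->plugin_info() ) );
}
```

Against the vulnerable handler, the request the page describes works as written: log in as a subscriber, read demoOnboarding.nonce from the dashboard source, and POST a .zip whose main file carries the expected "Plugin Name:" header to admin-ajax.php with action=demo_upload_and_install_pro. The hardened handler rejects the same request with a 403 before the upload is touched, because the decision is made on current_user_can( 'install_plugins' ) rather than on anything the attacker controls.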
What is Elementor?
On March 29, 2022, the Wordfence Threat Intelligence team
initiated the disclosure process for a critical vulnerability in
the Elementor plugin that allowed any authenticated user to
upload arbitrary PHP code. Elementor is one of the most popular
WordPress plugins and is installed on over 5 million websites.
Elementor is a drag-and-drop page builder for WordPress. The
plugin lets you create pages with a visual editor, the same
approach Wix and many other hosted builders take without a
plugin. It is designed to build dynamic websites quickly, and
it is marketed as an all-in-one solution that lets you control
every part of your website design from a single platform.