top of page

WordPress

CVE-2022-1329

WordPress is one of the most popular content management systems (CMS) in the world. It is not an exaggeration to say that WordPress has changed the internet.

How_WordPress_Changed_the_Internet.jpg

Wordpress Impact LINK

It is estimated that over 75 million websites use WordPress. This includes sites run by individuals, small businesses, and large corporations. WordPress has also been translated into over 70 languages, making it accessible to people all over the world.

The impact of WordPress goes beyond just its popularity. It has also had a significant impact on the web development industry as a whole, democratizing website building and making it accessible to anyone with an internet connection. 

That being said, WordPress also has a dark side 😈.

Since 2012 researchers in the Georgia Tech Cyber Forensics Innovation Laboratory (CyFI Lab) have uncovered 47,337 malicious plugins across 24,931 unique WordPress websites.

Researchers found that every compromised website in their dataset had two or more infected plugins. The findings also indicated that 94% of those plugins are still actively infected.

There are many third party plugins available for download to extend the functionality of WordPress, too many of them 🤐.

 

We will discuss one of them in this detail page, the Elementor plugin (versions 6.0.0 - 6.3.0), which handles AJAX requests in an insecure way.

 

The plugin uses a nonce for verification which can be found by any authenticated user in the source of the wp-admin dashboard.

 

The AJAX is then run without capability checks, which allows users to access several functions, including upload_and_install_pro. The upload_and_install_pro function can be taken advantage of by being used to upload a .zip file containing labels and header for the Elementor Pro plugin.

 

The .zip file can contain any code as long as the labels and headers appear correct, which can then be executed to open a shell on the server or do other malicious actions

What is Elementor?

On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code. Elementor is one of the most popular WordPress plugins and is installed on over 5 million websites.

Elementor is a drag-and-drop page builder for WordPress. This plugin helps you create beautiful pages using a visual editor (which is exactly what Wix and a ton of other programs are doing, without a plugin). It's designed to build dynamic websites quickly. This WordPress plugin is an all-in-one solution — letting you control every part of your website design in a single platform.

Here's a demonstration in GIF

CarelessGrayDuck-size_restricted.gif

References

03.

Introduction

Critical Remote Code Execution Vulnerability in Elementor

bottom of page