As of early 2020, a bug in two WordPress plugins, Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor, is being actively exploited in the wild.
Security researchers are warning users of two WordPress plugins made by Brainstorm Force that they need to patch a “major vulnerability” that could let attackers log in to any site running the plugins with administrator privileges. Brainstorm Force says it is aware of only one customer whose website was compromised because of this bug. However, since the bug was disclosed in December 2019, a second source has also confirmed successful attacks.
Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor are the plugins in question. Both are designed to help site owners quickly add advanced designs and user-facing features to websites built with the Beaver Builder and Elementor page-builder frameworks.
“This is a major vulnerability that could allow hackers to access any WordPress website that had the plugin installed and receive admin access. This implies that if you use the plugin, hackers will gain complete control of your website,” wrote security firm WordPresswebsite.In in a post published in December 2019.
WordPresswebsite.In said it discovered the error, an authentication bypass bug, in December and alerted Brainstorm Force the same day. Brainstorm Force's developers acted rapidly, releasing a patch for both plugins within seven hours. The patched versions are Ultimate Addons for Beaver Builder 1.24.1 and Ultimate Addons for Elementor 1.20.1.
The research team at web security company Tech9logy Creators said it also began monitoring the bug this week and reports that attackers are actively exploiting the vulnerability.
“We have learned from forensics that since December 10th the attackers have been targeting websites with the Ultimate Addons for Elementor plugin,” Tech9logy Creators wrote in a company blog post.
Tech9logy Creators reports that, once they have administrator access to a vulnerable site, the attackers upload a file named tmp.zip to install a fake SEO statistics plugin, which in turn drops a backdoor named wp-xmlrpc.php in the site's web root (a lookalike of the legitimate WordPress core file xmlrpc.php). After the infection, multiple IP addresses attempt to access the wp-xmlrpc.php file.
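The indicators above are straightforward to check for. The following CLI script is an added example (it is not code from Tech9logy Creators, Brainstorm Force or the plugins) that looks for the dropped files and counts, per client IP, the requests for /wp-xmlrpc.php in an access log. It assumes it is run from the WordPress root (or given the root as its first argument) and that the log is in Apache/nginx combined format; the log lines embedded at the bottom are constructed for the example.

```php
<?php
// Added example, not from the post's sources. Checks a WordPress install for
// the indicators named in the post: wp-xmlrpc.php in the web root, tmp.zip in
// the plugins directory, and probes for /wp-xmlrpc.php in the access log.

/**
 * File-system indicators. Returns the relative paths that exist under $root.
 * The third candidate is an assumption (an alternate place an upload could land),
 * not something the post reports.
 */
function find_file_iocs( string $root ): array {
    $candidates = [
        'wp-xmlrpc.php',               // backdoor named in the post
        'wp-content/plugins/tmp.zip',  // uploaded archive named in the post
        'wp-content/uploads/tmp.zip',  // assumption: alternate upload location
    ];
    $hits = [];
    foreach ( $candidates as $rel ) {
        if ( file_exists( rtrim( $root, '/' ) . '/' . $rel ) ) {
            $hits[] = $rel;
        }
    }
    return $hits;
}

/**
 * Log indicator: requests for /wp-xmlrpc.php, counted per client IP, most
 * active first. Expects combined-log-format lines (client IP is the first
 * field). The leading "/" in the pattern keeps the legitimate /xmlrpc.php
 * from matching.
 */
function count_backdoor_probes( iterable $lines ): array {
    $per_ip = [];
    $re = '#^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) /wp-xmlrpc\.php[^ ]* HTTP/#';
    foreach ( $lines as $line ) {
        if ( preg_match( $re, $line, $m ) ) {
            $per_ip[ $m[1] ] = ( $per_ip[ $m[1] ] ?? 0 ) + 1;
        }
    }
    arsort( $per_ip );
    return $per_ip;
}

// ---- demo on constructed data ----------------------------------------------
$root = $argv[1] ?? getcwd();

// Constructed sample log (documentation IP ranges). Line 3 is a request for
// the legitimate core xmlrpc.php and must not be counted.
$sample_log = [
    '203.0.113.5 - - [11/Dec/2019:03:14:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [11/Dec/2019:03:14:20 +0000] "POST /wp-xmlrpc.php HTTP/1.1" 200 88 "-" "curl/7.64.0"',
    '198.51.100.9 - - [11/Dec/2019:04:02:41 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [11/Dec/2019:04:03:02 +0000] "GET /wp-xmlrpc.php?c=id HTTP/1.1" 200 61 "-" "python-requests/2.22"',
    '203.0.113.5 - - [11/Dec/2019:05:10:00 +0000] "GET /wp-xmlrpc.php HTTP/1.1" 200 61 "-" "curl/7.64.0"',
];

$files  = find_file_iocs( $root );
$probes = count_backdoor_probes( $sample_log );

printf( "File indicators under %s: %s\n", $root, $files ? implode( ', ', $files ) : 'none' );
foreach ( $probes as $ip => $n ) {
    printf( "%-16s %d request(s) for /wp-xmlrpc.php\n", $ip, $n );
}
```

To run it against a real log, replace `$sample_log` with `new SplFileObject('/var/log/nginx/access.log')`; `count_backdoor_probes()` accepts any iterable of lines. A hit on either check is a reason to treat the site as compromised, not merely as vulnerable: the post-exploitation steps described above run with full administrator rights, so updating the plugin alone does not remove what was installed.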
Brainstorm Force told Threatpost that it does not know exactly how many customers are affected by this bug, because the affected sites are hosted on servers outside its control. “As a hacker needs to know the email address of the [WordPress admin] user, the number of exploits may be limited,” a company spokesperson told Threatpost.
Researchers clarify that the vulnerability is present when either the Elementor or the Beaver Builder plugin is installed on a WordPress site. All an attacker needs to exploit the bug, WordPresswebsite.In explains, is the email address of a site administrator. From there, as long as a vulnerable version of the plugin is active, obtaining administrator access is as simple as logging in to WordPress with that address.
Tech9logy Creators clarified that the vulnerable version of the plugin has a feature that lets users log in with a normal username/password combination, with Facebook, or with Google. “However, the token returned by Facebook and Google was not checked by the Facebook and Google authentication methods, and because they do not require a password, there was no password check.”
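The two handlers below illustrate that bug class in WordPress PHP: a social-login endpoint that takes the e-mail address from the request and never verifies the provider token, next to a hardened version that verifies the token with the provider and uses the e-mail the provider asserts. This is an added, hypothetical example written for this article; it is not the plugins' actual code, and the AJAX action name `ua_social_login`, the request fields `email`, `id_token` and `nonce`, and the constant `UA_GOOGLE_CLIENT_ID` are all assumptions. Only the Google path is shown.

```php
<?php
// Hypothetical illustration of the flaw described above; NOT code from
// Ultimate Addons for Elementor / Beaver Builder. Assumed: a WordPress AJAX
// action "ua_social_login" reached by logged-out users, and an OAuth client ID
// for the site stored in UA_GOOGLE_CLIENT_ID (assumed constant).

defined( 'UA_GOOGLE_CLIENT_ID' ) || define( 'UA_GOOGLE_CLIENT_ID', 'example-client-id.apps.googleusercontent.com' );

// --- Vulnerable pattern: trust the e-mail, never check the token ------------
function ua_social_login_vulnerable() {
    $email = sanitize_email( $_POST['email'] ?? '' );
    $user  = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 403 );
    }
    // No password is involved and the provider token is never looked at:
    // whoever knows an administrator's e-mail address is logged in as them.
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'redirect' => admin_url() ) );
}

// --- Hardened pattern: verify the token with the provider, bind the e-mail ---

/**
 * Verifies a Google ID token via the tokeninfo endpoint, which checks the
 * signature, issuer and expiry server-side. Returns the claims on success,
 * null on any failure. The audience check is what stops a token issued for
 * some other application from being replayed against this site.
 */
function ua_verify_google_id_token( string $id_token, string $expected_client_id ) {
    if ( '' === $id_token ) {
        return null;
    }
    $response = wp_remote_get(
        'https://oauth2.googleapis.com/tokeninfo?id_token=' . rawurlencode( $id_token ),
        array( 'timeout' => 10 )
    );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return null;
    }
    $claims = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $claims ) ) {
        return null;
    }
    $iss_ok = in_array( $claims['iss'] ?? '', array( 'accounts.google.com', 'https://accounts.google.com' ), true );
    if ( ! $iss_ok ) {
        return null;
    }
    if ( ( $claims['aud'] ?? '' ) !== $expected_client_id ) {
        return null;
    }
    // tokeninfo returns these as strings.
    if ( ( $claims['email_verified'] ?? 'false' ) !== 'true' ) {
        return null;
    }
    if ( (int) ( $claims['exp'] ?? 0 ) <= time() ) {
        return null;
    }
    return $claims;
}

function ua_social_login_hardened() {
    check_ajax_referer( 'ua_social_login', 'nonce' );   // CSRF protection for the endpoint
    $claims = ua_verify_google_id_token( (string) ( $_POST['id_token'] ?? '' ), UA_GOOGLE_CLIENT_ID );
    if ( null === $claims ) {
        wp_send_json_error( 'invalid token', 403 );
    }
    // Use the e-mail asserted BY THE PROVIDER, never one typed by the client.
    $user = get_user_by( 'email', $claims['email'] );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 403 );
    }
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'redirect' => admin_url() ) );
}

add_action( 'wp_ajax_nopriv_ua_social_login', 'ua_social_login_hardened' );
```

The essential difference is the binding: in the hardened handler the identity that ends up in `get_user_by()` comes from a token the provider signed for this site's client ID, so knowing an administrator's e-mail address buys the attacker nothing. The same shape applies to the Facebook path (verify the access token through Facebook's token-debugging endpoint and use the e-mail it returns), which is left out here to keep the example to one provider.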
Brainstorm Force has made a public statement on the Elementor and Beaver Builder bugs. “We’ve released an update and have patched the vulnerable code,” the company spokesperson told Threatpost. Users can apply the patch by upgrading the plugin with one click: those who have registered their license key see an update notification on their WordPress dashboard, and all they have to do is press the update button.
In this article we covered the Ultimate Addons for Elementor and Beaver Builder security bug, which a hacker could use to take over your whole site. If you are facing any other issues related to WordPress security, support or maintenance services, you can contact us directly at [email protected] or visit our website by clicking on WordPress Security Experts.