One of the most popular WordPress plugins, Essential Addons for Elementor, was vulnerable to an unauthenticated privilege escalation that allowed attackers to gain administrator rights on the vulnerable site.
Let me remind you that we also wrote that Hackers Attack Elementor Pro WordPress Plugin With 11 Million Installs, and also that Developers fixed serious vulnerabilities in WordPress Download Manager.Additionally, information security specialists reported that Exploits for Vulnerabilities in Three Popular WordPress Plugins Appeared on the Network.
Essential Addons for Elementor is a library of 90 extensions for the popular Elementor page builder, which is used by over 1,000,000 websites.
The problem was discovered by PatchStack on May 8, 2023. The vulnerability received the identifier CVE-2023-32243. It is reported to help elevate privileges without authentication and is related to the password reset feature in the plugin, affecting versions 5.4.0 to 5.7.1.
The consequences of exploiting such a vulnerability can be significant, ranging from unauthorized access to private information, defacement or deletion of the site, and ending with the spread of malware among site visitors, which can have severe consequences for site owners.
As explained in the PatchStack report, an attacker would need to set the POST page_id and widget_id to a random value so that the plugin does not generate an error message that might make the site administrator suspicious. Also, the attacker must supply the correct nonce value in the eael-resetpassword-nonce parameter in order to confirm the password reset request and set a new password in the eael-pass1 and eael-pass2 parameters.
Thus, if the rp_login parameter is set to a valid username, it is possible to change the target user’s password to a new one provided by the attacker, effectively giving the attacker control of the account.
The fix for the vulnerability has already been released as part of Essential Addons for Elementor version 5.7.2. All plugin users are now advised to update to the latest version as soon as possible.