A Privilege Escalation vulnerability has been identified in the WordPress Essential Addons for Elementor Plugin. It could allow a malicious actor holding a low-privileged account to escalate to a higher-privileged role and take full control of the website.

This vulnerability was discovered and responsibly reported by Rafie Muhammad (Patchstack).

The Privilege Escalation flaw is located in the woocommerce-beta-tester.php file and stems from the way the plugin handles user input; an attacker can abuse this handling to escalate their privileges.

Severity:

The vulnerability has a CVSS 3.1 score of 8.8, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects all versions of the Essential Addons for Elementor Plugin prior to 5.8.9.

Impact:

An attacker who successfully exploits this vulnerability could:

  • Escalate their low-privileged account to something with higher privileges.
  • Take full control of the website, including:
    • Modifying or deleting any data on the website.
    • Installing or uninstalling plugins or themes.
    • Changing the website’s configuration.
    • Creating or deleting user accounts.

Recommendation:

Users of the Essential Addons for Elementor Plugin can take the following actions to reduce the risk of exploitation:

  • Update the Plugin: Update the Essential Addons for Elementor Plugin promptly to the latest available version, and to at least version 5.8.9. This release contains the security fix for the Privilege Escalation vulnerability.
  • Regularly Update Plugins: Beyond this specific update, make it a practice to regularly update all WordPress plugins and themes to their latest versions. Keeping website components up to date is a fundamental security measure.
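A small check that tells you whether an installed copy is still on a vulnerable release, added here as an example and not part of the advisory; it assumes the plugin's WP-CLI slug is essential-addons-for-elementor and that 5.8.9 is the first fixed version, as stated above.

```shell
#!/bin/sh
# Added example (not from the advisory): flag an installed Essential Addons for
# Elementor version as vulnerable when it is older than the fixed release 5.8.9.
FIXED_VERSION="5.8.9"

# version_lt A B: exit 0 when dotted version A is strictly older than B.
# Components are compared numerically one by one, so 5.10.0 sorts after 5.8.9
# and a suffix such as "-beta" is ignored.
version_lt() {
    a="$1"; b="$2"
    i=1
    while :; do
        # A trailing dot is appended so cut sees a delimiter even for "5".
        ca=$(printf '%s.' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        cb=$(printf '%s.' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        if [ -z "$ca" ] && [ -z "$cb" ]; then return 1; fi   # equal versions
        ca=${ca:-0}; cb=${cb:-0}
        [ "$ca" -lt "$cb" ] && return 0
        [ "$ca" -gt "$cb" ] && return 1
        i=$((i + 1))
    done
}

# check_version V: report whether installed version V is vulnerable.
# Exit status 1 means "update required", 0 means the fix is present.
check_version() {
    if version_lt "$1" "$FIXED_VERSION"; then
        printf 'Essential Addons %s is vulnerable: update to %s or later\n' "$1" "$FIXED_VERSION"
        return 1
    fi
    printf 'Essential Addons %s is patched (>= %s)\n' "$1" "$FIXED_VERSION"
    return 0
}

# On a live site with WP-CLI available, read the installed version from the
# plugin slug (assumed: essential-addons-for-elementor) and check it:
#   check_version "$(wp plugin get essential-addons-for-elementor --field=version)"
```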