Privilege Escalation vulnerability in WordPress Essential Addons for Elementor Plugin

A Privilege Escalation vulnerability has been identified in the WordPress Essential Addons for Elementor Plugin. This vulnerability could allow a malicious actor to escalate their low-privileged account to something with higher privileges and take full control of the website.

This vulnerability was discovered and responsibly reported by Rafie Muhammad (Patchstack).

The vulnerability is a Privilege Escalation vulnerability that occurs in the woocommerce-beta-tester.php file. The vulnerability allows an attacker to exploit a flaw in the way that the plugin handles user input to escalate their privileges.

Severity:

The vulnerability has a CVSS 3.1 score of 8.8, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects all versions of the Essential Addons for Elementor Plugin prior to 5.8.9.

Impact:

An attacker who successfully exploits this vulnerability could:

Escalate their low-privileged account to something with higher privileges.
Take full control of the website, including:
- Modifying or deleting any data on the website.
- Installing or uninstalling plugins or themes.
- Changing the website’s configuration.
- Creating or deleting user accounts.

Recommendation:

Users of the Essential Addons for Elementor Plugin can take the following actions to reduce the risk of exploitation:

Update the Plugin: Ensure that promptly update the Essential Addons for Elementor Plugin to the latest available version, at least version 5.8.9. This update contains the necessary security fixes to address the Privilege Escalation vulnerability.
Regularly Update Plugins: Beyond this specific update, make it a practice to regularly update all WordPress plugins and themes to their latest versions. Keeping website components up to date is a fundamental security measure.

Privilege Escalation vulnerability in WordPress Essential Addons for Elementor Plugin

Severity:

Affected Versions:

Impact:

Related Articles

Addressing High-Severity XSS Vulnerability in Variation Images Gallery for WooCommerce Plugin

Remote Code Execution (RCE) vulnerability in WordPress File Manager Pro Plugin

Mitigating High-Severity XSS Vulnerability in CartFlows Pro Plugin

Local File Inclusion (LFI) vulnerability in WordPress Ultimate Addons for WPBakery Page Builder Plugin

Critical Broken Access Control Vulnerability in Security & Malware scan by CleanTalk Plugin

WordPress Lava Directory Manager Plugin Cross-Site Scripting (XSS) Vulnerability

Categories

Latest Blog Updates

Unmasking a Persistent Malware Attack on a WordPress Website

Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

Unmasking a Hidden Malware Attack Targeting Users from Search Results

Critical Broken Access Control Vulnerability in WP Travel Plugin

Critical Broken Access Control Vulnerability in WooODT Lite Plugin

Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin