
Older versions of Ultimate Addons for Elementor and Beaver Builder are vulnerable; please update

Website administrators who build pages with the Elementor or Beaver Builder editors: if you are running Ultimate Addons for Elementor version 1.20.0 or lower, or Ultimate Addons for Beaver Builder version 1.24.0 or lower, please upgrade as soon as possible.

Security researchers have discovered a critical yet easily exploitable authentication bypass vulnerability in these two widely used extension plugins, which could allow remote attackers to gain administrative access to a site without any password.

More concerning, attackers began exploiting this vulnerability on a large scale within two days of its discovery to compromise vulnerable WordPress websites and install malicious backdoors for later access. Discovered by researchers from the cybersecurity service MalCare, the vulnerability exists in the way both plugins allow WordPress account holders (including administrators) to authenticate via Facebook and Google login mechanisms.

According to the vulnerability advisory, due to a lack of checks on the authentication method when users log in via Facebook or Google, the vulnerable plugins can be tricked, allowing malicious users to log in as any other target user without entering any password.

In an email to The Hacker News, WebARX confirmed that after uploading a dmp.zip file to the target WordPress server, attackers added a forged wp-xmlrpc.php backdoor file to the website's root directory while also installing a fake SEO statistics plugin.

"To exploit this vulnerability, hackers need to use the email ID of a site administrator user. In most cases, this information can be easily retrieved." (MalCare)

MalCare discovered this vulnerability on Wednesday, which affects the plugin versions listed below. They reported it to the developers on the same day, who promptly addressed the issue and released two patched versions within just 7 hours.

  • Ultimate Addons for Elementor <= 1.20.0
  • Ultimate Addons for Beaver Builder <= 1.24.0

Therefore, if you are still using the above or lower versions of the plugins, please update promptly to Ultimate Addons for Elementor 1.20.1 or Ultimate Addons for Beaver Builder 1.24.1, or a later version.
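A defender-side check for the two things reported above, added here as an example and not code from MalCare, WebARX or the plugin vendor: it reads plugin headers under `wp-content/plugins`, flags the affected versions, and looks for the reported `wp-xmlrpc.php` and `dmp.zip` files. It assumes the standard WordPress directory layout and that each plugin's `Plugin Name` header matches the name used in this article.

```python
import re
import sys
from pathlib import Path

# Last vulnerable versions as listed in the article; anything newer is patched.
# Assumption: the "Plugin Name" header matches the names used in the article.
LAST_VULNERABLE = {
    "Ultimate Addons for Elementor": (1, 20, 0),
    "Ultimate Addons for Beaver Builder": (1, 24, 0),
}
# File names the article reports attackers leaving behind. WordPress core ships
# xmlrpc.php, not wp-xmlrpc.php, so the latter is not a core file.
INDICATOR_FILES = ("wp-xmlrpc.php", "dmp.zip")
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

def parse_version(text):
    """Turn '1.20.0' into (1, 20, 0) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def read_plugin_header(php_file):
    """Return (name, version) from a WordPress plugin header, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # header sits at the top
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    if fields.get("plugin name") and fields.get("version"):
        return fields["plugin name"], fields["version"]
    return None

def audit(wp_root):
    """Return findings for one WordPress install rooted at wp_root."""
    root = Path(wp_root)
    findings = []
    for php_file in sorted(root.glob("wp-content/plugins/*/*.php")):
        header = read_plugin_header(php_file) if php_file.is_file() else None
        if header is None:
            continue
        name, version = header
        limit = LAST_VULNERABLE.get(name)
        if limit and parse_version(version) <= limit:
            findings.append(f"VULNERABLE {name} {version}")
    for indicator in INDICATOR_FILES:
        for hit in sorted(root.rglob(indicator)):
            findings.append(f"INDICATOR {hit.relative_to(root).as_posix()}")
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    print("\n".join(audit(sys.argv[1])) or "no findings")
```

Run it with the WordPress root as the only argument; an `INDICATOR` finding means the site should be treated as compromised even after the plugin is updated.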
