
Older versions of Ultimate Addons for Elementor and Beaver Builder have a vulnerability; please update

If your site uses the Elementor or Beaver Builder editor and runs Ultimate Addons for Elementor version 1.20.0 or lower, or Ultimate Addons for Beaver Builder version 1.24.0 or lower, please upgrade as soon as possible.

Security researchers have discovered a critical yet easily exploitable authentication bypass vulnerability in these two widely used extension plugins, which could allow remote attackers to gain administrative access to sites without any password.

More worryingly, attackers began exploiting this vulnerability on a large scale within two days of its discovery, compromising vulnerable WordPress websites and installing malicious backdoors for later access. Discovered by researchers from the cybersecurity service MalCare, the vulnerability lies in the way both plugins allow WordPress account holders (including administrators) to authenticate via Facebook and Google login mechanisms.

According to the vulnerability advisory, due to a lack of verification of the authentication method when users log in via Facebook or Google, the vulnerable plugins can be tricked, allowing malicious users to log in as any other target user without entering any password.

In an email sent to The Hacker News, WebARX confirmed that after uploading a dmp.zip file to the target WordPress server, attackers added a forged wp-xmlrpc.php backdoor file to the website's root directory, while also installing a fake SEO statistics plugin.

"To exploit this vulnerability, hackers need the email ID of a site administrator user. In most cases, this information can be easily retrieved." (MalCare)

MalCare discovered the vulnerability, which affects the plugin versions listed below, on Wednesday and reported it to the developers the same day. The developers promptly addressed the issue and released two patched versions within just 7 hours.

  • Ultimate Addons for Elementor <= 1.20.0
  • Ultimate Addons for Beaver Builder <= 1.24.0

Therefore, if you are still using either plugin at the above versions or lower, please update promptly to Ultimate Addons for Elementor 1.20.1 and Ultimate Addons for Beaver Builder 1.24.1 or higher.
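To check a site against the versions and the backdoor file named above, the following added example (not code from MalCare, WebARX or the plugin developers) reads each plugin's header comment, compares its version with the first patched release, and looks for wp-xmlrpc.php in the site root. Matching plugins by the product names as written in this article, the `make_sample` helper and the `sample-plugin` directory are assumptions made for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# First patched releases, as stated in the article.
FIXED = {
    "Ultimate Addons for Elementor": (1, 20, 1),
    "Ultimate Addons for Beaver Builder": (1, 24, 1),
}
BACKDOOR = "wp-xmlrpc.php"  # forged file the article reports in the site root
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def parse_version(text):
    """'1.20.0' -> (1, 20, 0); anything after the third number is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def plugin_headers(php_file):
    """Read WordPress plugin header fields from the first 8 KiB of a file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.title(), value)  # first occurrence wins
    return fields

def audit(wp_root):
    """Return findings for one WordPress install rooted at wp_root."""
    root, findings = Path(wp_root), []
    for php in sorted(root.glob("wp-content/plugins/*/*.php")):
        meta = plugin_headers(php)
        name, version = meta.get("Plugin Name", ""), meta.get("Version", "")
        for product, fixed in FIXED.items():
            if name.startswith(product) and version and parse_version(version) < fixed:
                findings.append(f"VULNERABLE {product} {version} in {php.parent.name}/")
    if (root / BACKDOOR).is_file():
        findings.append(f"BACKDOOR {BACKDOOR} present in site root")
    return findings

def make_sample(root, name, version, backdoor=False):
    """Build a constructed, minimal WordPress tree for demonstration."""
    plugin = Path(root) / "wp-content" / "plugins" / "sample-plugin"  # hypothetical slug
    plugin.mkdir(parents=True)
    (plugin / "main.php").write_text(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
    if backdoor:
        (Path(root) / BACKDOOR).write_text("<?php // constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp, "Ultimate Addons for Elementor", "1.20.0", backdoor=True)
        print("\n".join(audit(tmp)))
```

An empty result only rules out these two indicators; the fake SEO statistics plugin mentioned above is not named in the article, so installed plugins still need a manual review.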
