Zero day in a WordPress plugin will put your site in the hands of hackers

Carding 4 Carders

Has your site already been hacked? Then Royal Elementor is coming to you.

Attackers are actively exploiting a critical vulnerability in the Royal Elementor Addons and Templates plugin for WordPress. Exploitation was observed before the vendor released a fix, which means attackers used the bug as a zero-day.

Royal Elementor Addons and Templates by WP Royal is a website creation toolkit that allows you to quickly create web elements without programming knowledge. According to WordPress.org, the plugin has more than 200 thousand installations.

The vulnerability is tracked as CVE-2023-5360 (CVSS: 9.8) and allows an unauthenticated attacker to perform arbitrary file uploads on vulnerable sites. The flaw affects plugin versions up to 1.3.78.

Although the plugin has an extension check that restricts uploads to certain allowed file types, an unauthenticated user can manipulate the list of allowed files to bypass the check. An attacker can then achieve Remote Code Execution (RCE) and take full control of the site. Additional technical details about the vulnerability were withheld to prevent wider exploitation.

Two WordPress security companies, Wordfence and WPScan (Automattic), have marked CVE-2023-5360 as actively exploited since August 30, 2023, with the number of attacks increasing since October 3, 2023.

Wordfence blocked more than 46,000 attacks on Royal Elementor in the month of September, and WPScan found 889 cases where attackers used the vulnerability to host 10 different payloads. Most of the payloads are PHP scripts that attempt to create a WordPress admin account or act as a backdoor.

According to WordPress, most attacks originate from just two IP addresses, so exploitation can only be attributed to certain threat actors.

WP Royal released Royal Elementor Addons and Templates version 1.3.79 on October 6, which fixes the vulnerability. Users are encouraged to upgrade to this version as soon as possible. Note that upgrading to version 1.3.79 does not automatically remove malicious files, so the site still needs to be cleaned up.
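A triage sketch for the cleanup step, covering the affected-version check and the two payload behaviours described above (backdoor scripts and new admin accounts). It is an added example, not code from WP Royal, Wordfence or WPScan. Assumptions: the installed version appears in the plugin's `readme.txt` or header, uploaded payloads sit under the uploads directory you pass in, and the administrator list comes from the WP-CLI command shown in the docstring.

```python
import csv, io, re
from datetime import datetime, timezone
from pathlib import Path

FIXED = (1, 3, 79)  # first patched release, per the article
FIRST_SEEN = datetime(2023, 8, 30, tzinfo=timezone.utc)  # start of exploitation, per the article
SCRIPT_EXT = {".php", ".phtml", ".phar"}  # assumption: extensions the web server may execute

def is_vulnerable(version_text):
    """True if 'Stable tag:' / 'Version:' is below 1.3.79 (unknown counts as vulnerable)."""
    m = re.search(r"^[\s*]*(?:Version|Stable tag):\s*(\d+(?:\.\d+)*)", version_text, re.I | re.M)
    return m is None or tuple(int(p) for p in m.group(1).split(".")) < FIXED

def script_files(uploads_dir, since=FIRST_SEEN):
    """Executable-looking files under uploads_dir as (relative path, modified_since) pairs.

    Every suffix is checked, so 'x.php.jpg' is reported too. mtime can be forged,
    so a False flag does not clear a file; it only helps order the review.
    """
    root, out = Path(uploads_dir), []
    for p in root.rglob("*"):
        if p.is_file() and {s.lower() for s in p.suffixes} & SCRIPT_EXT:
            recent = p.stat().st_mtime >= since.timestamp()
            out.append((p.relative_to(root).as_posix(), recent))
    return sorted(out)

def new_admins(users_csv, since=FIRST_SEEN):
    """Administrator logins registered on or after `since`.

    users_csv is the output of:
      wp user list --role=administrator --fields=user_login,user_registered --format=csv
    """
    hits = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        when = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if when.replace(tzinfo=timezone.utc) >= since:
            hits.append(row["user_login"])
    return hits

if __name__ == "__main__":
    import sys
    plugin_dir, uploads_dir = Path(sys.argv[1]), sys.argv[2]
    readme = (plugin_dir / "readme.txt").read_text(errors="replace")
    print("vulnerable version:", is_vulnerable(readme))
    for path, recent in script_files(uploads_dir):
        print("script in uploads:", path, "(modified since 2023-08-30)" if recent else "")
```

Run it with the plugin directory and the uploads directory as arguments; anything it lists needs manual review before deletion, since some sites keep a legitimate `index.php` in uploads.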