Millions of unpatched WordPress websites are now at risk from a vulnerability that affects sites running the Elementor Pro and WooCommerce plug-ins for WordPress together (Lakshmanan, 2023). The vulnerability is being actively exploited by hackers in the wild and enables threat actors to gain full administrative control over the victim’s website. Once an attacker has gained administrative access, they can forward the domain to malicious websites or set up a back door to exploit the website further in the future. On March 18, 2023, the discovery of the vulnerability was credited to Jerome Bruandet, a security researcher for NinTechNet.
This exploit applies to retail technology on a massive scale because both the Elementor and WooCommerce plug-ins for WordPress are popular, and the number of websites that use the two plug-ins in combination is immense. WooCommerce allows a vendor’s WordPress site to sell products through online-store functionality, including integration with multiple types of payment vendors. Elementor is used primarily as a quick layout tool to design pages in WordPress. Anyone who administers an e-commerce website should make daily back-ups and updates to their websites’ databases and plug-ins so that the consequences of these types of vulnerabilities can be minimized.
References
Lakshmanan, R. (2023). Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk! TheHackerNews. https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html