How To Fix A Critical Remote Code Execution Vulnerability In Elementor- CVE-2022-1329

Recently, A security researcher, Ramuel Gall from Wordfence, uncovered a critical remote code execution vulnerability in the Elementor WordPress plugin. The vulnerability is tracked under CVE ID ‘CVE-2022-1329’ and has been rated critical severity with a CVSS score of 9.9. The flaw allows any authenticated user to upload arbitrary PHP code on the site running a vulnerable version of the Elementor plugin, which enables the malicious user to take over the site or access additional resources on the server. This post is important for those who have the Elementor plugin installed on their WordPress site to know how to fix the critical remote code execution vulnerability in the Elementor WordPress plugin.

About Elementor Plugin And Its Features:

Elementor is a WordPress plugin that allows you to create custom pages and post layouts using a drag and drop interface. It is the most popular WordPress page builder plugin, with over 5 million active installs.

Elementor plugin is free and open-source software released under the GPL license. This means that you can use it on as many websites as you like without having to pay anything.

Its Unique Features Include:

Summary Of CVE-2022-1329:

A critical remote code execution vulnerability in the Elementor WordPress plugin lets any authenticated user upload arbitrary PHP code on the site running a vulnerable version of the Elementor plugin, which enables the malicious user to take over the site or access the site’s additional resources on the server. 

The vulnerability exists due to no implementation of checks in the Onboarding module of the plugin. “The module uses an unusual method to register AJAX actions, adding an admin_init listener in its constructor that first checks whether or not a request was to the AJAX endpoint and contained a valid nonce before calling the maybe_handle_ajax function.” 

This vulnerability allows for the authenticated user (with subscriber-level to admin access) to obtain the Ajax::NONCE_KEY. 

The Implication Of CVE-2022-1329:

The flaw allows an attacker to create a fake malicious “Elementor Pro” plugin zip file. The attacker can use this plugin to take over the site or access additional resources on the server. 

How To Fix A Critical Remote Code Execution Vulnerability In Elementor?

Any Elementor version less than 3.6.0 is vulnerable to the CVE-2022-1329 flaw. Elementor rolled out a new version of the plugin on 12th April. We urge you to install/upgrade Elemontor to v3.6.3.

There are several ways to upgrade WordPress plugins. Elementor is no exception. 

If you have any trouble updating Elementor, feel free to reach out to wordpress or Elementor support team.

We hope this post would help you know How to Fix A Critical Remote Code Execution Vulnerability in Elementor- CVE-2022-1329. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.