• Home
  • |
  • Blog
  • |
  • How To Fix A Critical Remote Code Execution Vulnerability In Elementor- CVE-2022-1329
How to Fix A Critical Remote Code Execution Vulnerability in Elementor

Recently, A security researcher, Ramuel Gall from Wordfence, uncovered a critical remote code execution vulnerability in the Elementor WordPress plugin. The vulnerability is tracked under CVE ID ‘CVE-2022-1329’ and has been rated critical severity with a CVSS score of 9.9. The flaw allows any authenticated user to upload arbitrary PHP code on the site running a vulnerable version of the Elementor plugin, which enables the malicious user to take over the site or access additional resources on the server. This post is important for those who have the Elementor plugin installed on their WordPress site to know how to fix the critical remote code execution vulnerability in the Elementor WordPress plugin.

About Elementor Plugin And Its Features:

Elementor is a WordPress plugin that allows you to create custom pages and post layouts using a drag and drop interface. It is the most popular WordPress page builder plugin, with over 5 million active installs.

Elementor plugin is free and open-source software released under the GPL license. This means that you can use it on as many websites as you like without having to pay anything.

Its Unique Features Include:

  • Drag and drop interface: You can easily create custom page layouts using the drag and drop interface. No coding knowledge is required.
  • Widget library: Elementor comes with a library of over 50 widgets that you can use to add different elements to your pages and posts.
  • Responsive design: Elementor pages are automatically responsive and look great on all devices.
  • Live preview: You can see how your page will look like as you are creating it. There is no need to save or publish your changes.

Summary Of CVE-2022-1329:

A critical remote code execution vulnerability in the Elementor WordPress plugin lets any authenticated user upload arbitrary PHP code on the site running a vulnerable version of the Elementor plugin, which enables the malicious user to take over the site or access the site’s additional resources on the server. 

The vulnerability exists due to no implementation of checks in the Onboarding module of the plugin. “The module uses an unusual method to register AJAX actions, adding an admin_init listener in its constructor that first checks whether or not a request was to the AJAX endpoint and contained a valid nonce before calling the maybe_handle_ajax function.” 

This vulnerability allows for the authenticated user (with subscriber-level to admin access) to obtain the Ajax::NONCE_KEY. 

Associated CVE IDCVE-2022-1329
DescriptionA Critical Remote Code Execution Vulnerability in Elementor WordPress plugin.
Associated ZDI ID
CVSS Score9.9 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)Low
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

The Implication Of CVE-2022-1329:

The flaw allows an attacker to create a fake malicious “Elementor Pro” plugin zip file. The attacker can use this plugin to take over the site or access additional resources on the server. 

How To Fix A Critical Remote Code Execution Vulnerability In Elementor?

Any Elementor version less than 3.6.0 is vulnerable to the CVE-2022-1329 flaw. Elementor rolled out a new version of the plugin on 12th April. We urge you to install/upgrade Elemontor to v3.6.3.

There are several ways to upgrade WordPress plugins. Elementor is no exception. 

  1. Log into your WordPress website.
  2. Go to the Plugins page and find Elementor.
  3. Click on “Update now” next to Elementor.
  4. WordPress will update the plugin, and you’ll be all set.

If you have any trouble updating Elementor, feel free to reach out to wordpress or Elementor support team.

We hope this post will help you know How to Fix A Critical Remote Code Execution Vulnerability in Elementor- CVE-2022-1329. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

To know more about me. Follow me on LinkedIn
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.