New WAF Rule against WordPress Elementor Pro Vulnerability

Recently, a high-severity WordPress vulnerability was discovered in the popular Elementor Pro plugin. This could potentially allow attackers to take control of affected websites. If you're using this plugin, you may be wondering what you can do to safeguard your website from this vulnerability.

At BitNinja, we understand the importance of website security. Therefore, we are always working to develop new ways to protect our users. That's why we have developed a new WAF rule that can help prevent these attacks.

How the Vulnerability Can Affect You

The vulnerability in Elementor Pro allows an attacker to execute arbitrary code using specially crafted requests, which can potentially lead to a complete compromise of the website.
The flaw exists due to insufficient validation of user-supplied data in the "template" parameter of the "wp_ajax_elementor_save_template" AJAX action. The plugin's AJAX action registration code looks like this:

/**
 * Register Ajax Actions.
 *
 * Registers ajax action used by the Editor js.
 *
 * @since 3.5.0
 *
 * @param Ajax $ajax
 */
public function register_ajax_actions( Ajax $ajax ) {
	// `woocommerce_update_page_option` is called in the editor save-show-modal.js.
	$ajax->register_ajax_action( 'pro_woocommerce_update_page_option', [ $this, 'update_page_option' ] );
	$ajax->register_ajax_action( 'pro_woocommerce_mock_notices', [ $this, 'woocommerce_mock_notices' ] );
}


They fixed the issue in version 3.11.7 of the plugin. If you're using an older version, it's critical that you update it as soon as possible.

However, even if you have updated to the latest version, there's still a risk that attackers could attempt to exploit this vulnerability on your website.
That's why having an additional layer of protection, such as a web application firewall (WAF), can be helpful in blocking malicious requests before they reach the server.
That's where BitNinja's new WAF rule comes in.

How BitNinja's WAF Rule Works

We designed our new rule to block requests matching the pattern attackers used to exploit the Elementor Pro vulnerability. This means that if an attacker tries to exploit this on your website, our WAF will detect and block the malicious request, preventing them from executing arbitrary code on your server.
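To make the matching idea concrete, here is an added example of a minimal WAF-style check (not BitNinja's actual rule and not Elementor code) that inspects a raw HTTP request to admin-ajax.php and blocks it when its "action" field names one of the AJAX actions mentioned on this page; the action list and the sample requests are constructed for the example.

```python
from urllib.parse import parse_qs

# AJAX action names taken from this page; a production rule may match more
# (or different) request features. This set is an assumption for the example.
WATCHED_ACTIONS = {
    "elementor_save_template",             # prose: wp_ajax_elementor_save_template
    "pro_woocommerce_update_page_option",  # code: register_ajax_action(...)
}


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, path and merged form fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    method, target, _ = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    # admin-ajax accepts the action in the query string or the POST body.
    fields = parse_qs(query, keep_blank_values=True)
    if method == "POST":
        for key, vals in parse_qs(body.decode("latin-1"), keep_blank_values=True).items():
            fields.setdefault(key, []).extend(vals)
    return {"method": method, "path": path, "fields": fields}


def waf_decision(raw: bytes) -> tuple:
    """Return ('block' | 'allow', reason) for one request."""
    req = parse_request(raw)
    if not req["path"].endswith("/wp-admin/admin-ajax.php"):
        return "allow", "not an admin-ajax endpoint"
    actions = {a.lower() for a in req["fields"].get("action", [])}
    hit = sorted(actions & WATCHED_ACTIONS)
    if hit:
        return "block", f"admin-ajax action {hit[0]} matches Elementor Pro rule"
    return "allow", "no watched action"


# Constructed sample requests (not captured traffic).
SAMPLE_BLOCK = (b"POST /wp-admin/admin-ajax.php HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                b"action=pro_woocommerce_update_page_option&_nonce=abc")
SAMPLE_ALLOW = (b"POST /wp-admin/admin-ajax.php HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                b"action=heartbeat")

if __name__ == "__main__":
    for sample in (SAMPLE_BLOCK, SAMPLE_ALLOW):
        print(waf_decision(sample))
```

A rule this narrow is only a starting point: tune it against your own legitimate editor traffic before blocking, and keep the decision logged so you can see attempts even on patched sites.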

What's more, our WAF rule is fully compatible with the latest version of Elementor Pro, so you can rest assured that you're protected against this vulnerability without sacrificing any of the plugin's features.

Conclusion

Cybersecurity is crucial in today's digital landscape. Vulnerabilities like the one found in Elementor Pro can pose a serious threat to your online presence. That's why we want to provide our users with the most advanced security solutions available.

If you're a BitNinja user, you can take advantage of our new WAF rule by simply enabling the WAF module in your dashboard if it is not already turned on.
And if you're not yet a BitNinja user, we encourage you to give our platform a try! Experience the peace of mind that comes with knowing your server and website are protected.

2024 BitNinja. All Rights reserved.