Application Details
This WordPress plugin enhances the Elementor page-building experience with 90+ creative elements and extensions. It adds power to the page builder with easy-to-use elements that were designed to make your next WordPress page and post designs easier and prettier than ever before.
Vulnerability
This vulnerability allows unauthenticated takeover of websites: attackers are able to take full admin control and install malicious plugins.
Identification
By sending a specially crafted request, an attacker could exploit this vulnerability to gain system control.
Sucuri observed a large spike in infections associated with the Balada malware campaign, many of which included a doppelgänger of the post-layouts (Post Layouts for Gutenberg) plugin. The extra “s” in “posts” can clearly be identified in this example request:
POST /wp-admin/plugins.php?wc-ajax=1&action=activate&plugin=posts-layouts/posts-layouts.php&plugin_status=all&_wpnonce=810f12b23c
Detection
By turning this into a traffic file and matching rule, we are able to detect attempts of privilege escalation by unauthenticated attackers.
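As an added example (not Idappcom's signature 8023894 and not part of the original advisory), the Python below scans web access-log lines for plugin-activation requests whose plugin slug is one edit away from a known slug, which is the pattern in the request above. The sample log lines, the `KNOWN_SLUGS` allow-list and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: slugs the site really installs; "post-layouts" is the one named above.
KNOWN_SLUGS = {"post-layouts"}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs); the first carries the request shown above.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-admin/plugins.php?wc-ajax=1'
    '&action=activate&plugin=posts-layouts/posts-layouts.php&plugin_status=all'
    '&_wpnonce=810f12b23c HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/plugins.php'
    '?action=activate&plugin=post-layouts/post-layouts.php&_wpnonce=0000000000 HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(slug, known=KNOWN_SLUGS):
    """Return the known slug that `slug` imitates (distance 1), or None."""
    if slug in known:
        return None
    return next((good for good in sorted(known) if edit_distance(slug, good) <= 1), None)

def find_suspicious_activations(lines):
    """Return (slug, imitated_slug) for each activation of a look-alike plugin."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        query = parse_qs(url.query)  # also decodes %2F in the plugin path
        if not url.path.endswith("/wp-admin/plugins.php") or query.get("action") != ["activate"]:
            continue
        slug = query.get("plugin", [""])[0].split("/")[0]
        good = lookalike_of(slug)
        if good:
            hits.append((slug, good))
    return hits

if __name__ == "__main__":
    for slug, good in find_suspicious_activations(SAMPLE_LOG):
        print(f"look-alike plugin activated: {slug!r} imitates {good!r}")
```
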
Coverage
Idappcom have created signature 8023894 along with a traffic file for this vulnerability.
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional