How To Fix A Critical Remote Code Execution Vulnerability In Elementor- CVE-2022-1329

Recently, A security researcher, Ramuel Gall from Wordfence, uncovered a critical remote code execution vulnerability in the Elementor WordPress plugin. The vulnerability is tracked under CVE ID ‘CVE-2022-1329’ and has been rated critical severity with a CVSS score of 9.9. The flaw allows any authenticated user to upload arbitrary PHP code on the site running a vulnerable version of the Elementor plugin, which enables the malicious user to take over the site or access additional resources on the server. This post is important for those who have the Elementor plugin installed on their WordPress site to know how to fix the critical remote code execution vulnerability in the Elementor WordPress plugin.

Table of Contents

About Elementor Plugin And Its Features:

Elementor is a WordPress plugin that allows you to create custom pages and post layouts using a drag and drop interface. It is the most popular WordPress page builder plugin, with over 5 million active installs.

Elementor plugin is free and open-source software released under the GPL license. This means that you can use it on as many websites as you like without having to pay anything.

Its Unique Features Include:

Drag and drop interface: You can easily create custom page layouts using the drag and drop interface. No coding knowledge is required.
Widget library: Elementor comes with a library of over 50 widgets that you can use to add different elements to your pages and posts.
Responsive design: Elementor pages are automatically responsive and look great on all devices.
Live preview: You can see how your page will look like as you are creating it. There is no need to save or publish your changes.

Summary Of CVE-2022-1329:

A critical remote code execution vulnerability in the Elementor WordPress plugin lets any authenticated user upload arbitrary PHP code on the site running a vulnerable version of the Elementor plugin, which enables the malicious user to take over the site or access the site’s additional resources on the server.

The vulnerability exists due to no implementation of checks in the Onboarding module of the plugin. “The module uses an unusual method to register AJAX actions, adding an admin_init listener in its constructor that first checks whether or not a request was to the AJAX endpoint and contained a valid nonce before calling the maybe_handle_ajax function.”

This vulnerability allows for the authenticated user (with subscriber-level to admin access) to obtain the Ajax::NONCE_KEY.

Associated CVE ID	CVE-2022-1329
Description	A Critical Remote Code Execution Vulnerability in Elementor WordPress plugin.
Associated ZDI ID	–
CVSS Score	9.9 Critical
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score	–
Exploitability Score	–
Attack Vector (AV)	Network
Attack Complexity (AC)	Low
Privilege Required (PR)	Low
User Interaction (UI)	None
Scope	Changed
Confidentiality (C)	High
Integrity (I)	High
availability (a)	High

The Implication Of CVE-2022-1329:

The flaw allows an attacker to create a fake malicious “Elementor Pro” plugin zip file. The attacker can use this plugin to take over the site or access additional resources on the server.