
Active exploitation of bug in widely used WordPress plugin ongoing

Essential Addons for Elementor, a popular WordPress plugin used across one million sites, contains a critical unauthenticated privilege escalation vulnerability, tracked as CVE-2023-32243, that is being actively exploited, with Wordfence noting that 200 attacks leveraging the flaw have been averted over a 24-hour period, The Hacker News reports. Threat actors could use the already-addressed flaw to escalate privileges and reset the passwords of arbitrary users, which could enable website hijacking, said Patchstack researcher Rafie Muhammad. "This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user," Muhammad noted.

WordPress sites were also reported by Sucuri to have been targeted with the SocGholish malware, also known as FakeUpdates, since late March. The attacks used compression techniques facilitated by the zlib software library to conceal the malware. "Bad actors are continually evolving their tactics, techniques, and procedures to evade detection and prolong the life of their malware campaigns," said Sucuri researcher Denis Sinegubko.
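
The class of flaw Muhammad describes, modelled as an added example (not the plugin's code, which this page does not show): a reset handler that never checks the key, beside one that requires a matching, unexpired, single-use key. The `Accounts` class, its method names and the one-hour key lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 3600  # assumed policy: a reset key is valid for one hour

class Accounts:
    """Toy in-memory user store; every name here is hypothetical."""

    def __init__(self):
        self.creds = {}       # login -> (salt, PBKDF2 hash of password)
        self.reset_keys = {}  # login -> (SHA-256 of reset key, expiry time)

    def set_password(self, login, password):
        salt = secrets.token_bytes(16)
        self.creds[login] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def check_password(self, login, password):
        if login not in self.creds:
            return False
        salt, stored = self.creds[login]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(stored, candidate)

    def issue_reset_key(self, login, now=None):
        """Create a one-time key; a real site e-mails it to the account owner."""
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)
        self.reset_keys[login] = (hashlib.sha256(key.encode()).digest(), now + RESET_TTL)
        return key

    def reset_unvalidated(self, login, new_password, key=None):
        """Flawed pattern from the quote: the key parameter is never checked."""
        if login not in self.creds:
            return False
        self.set_password(login, new_password)
        return True

    def reset_validated(self, login, new_password, key, now=None):
        """Hardened pattern: require a matching, unexpired, single-use key."""
        now = time.time() if now is None else now
        record = self.reset_keys.get(login)
        if login not in self.creds or record is None or not isinstance(key, str):
            return False
        digest, expiry = record
        supplied = hashlib.sha256(key.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self.reset_keys[login]  # single use: a key cannot be replayed
        self.set_password(login, new_password)
        return True
```

Only a hash of the key is stored, so a leaked copy of the store does not yield usable reset keys, and the comparison is constant-time.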
