WordPress site owners have been warned about two plugins made by Brainstorm force that need to be fixed immediately; otherwise, their sites might be vulnerable to attacks. The bug in the website grants hackers administrative access to any of these plugins. However, Brainstorm Force claims that only one customer has had their site compromised because of this vulnerability. Whether there have been more attacks is unconfirmed, but users of these plugins should be aware.
Ultimate Addons for Elementor and Ultimate Addons for Beaver Builder are the two plugins in question. These two plugins were created to aid a website publisher to input advanced designs and user functions on their website, by using certain frameworks like Elementor and Beaver Builder.
In a post published by security firm MalCare earlier this week, “[This is] a major vulnerability that could allow hackers to gain admin access to any WordPress website that had the plugin installed. This means hackers can gain full control of your website if you are using the plugin,”
Classified as an authentication bypass bug, the flaw was discovered last week on Wednesday, and MalCare immediately notified Brainstorm Force about the issue that same day. Luckily, Brainstorm Force was able to patch up the plugin quickly and fixed the bug.
Users of these plugins should immediately download the patched version: Ultimate Addons for Elementor (version 1.20.1) and Ultimate Addons for Beaver Builder (version 184.108.40.206)
For the hackers to exploit the bug, it was relatively simple. The hacker needed the email address of the admin of the account. The flaw remained as long as the plugin continued to be used, making it simple to gain access to the site as an administrator. Users who are still using the vulnerable version of the plugin will see that there is a feature that lets people log in with a username/password combination, Google, and Facebook. That means the hackers were able to get the passwords very quickly.
According to an interview, Brainstorm Force says that they have updated the plugin, and you can get access to the new version with just one click. You’ll see in your WordPress dashboard that there is an update notification.
Why Updating Your Plugins Is Important
No matter how secure your web hosting services are, there is only so much the hosting provider can do to keep your website safe if you aren’t updating your plugins. By updating your WordPress, themes, and plugins, you are helping to keep your site secure by fixing bugs, increasing security, and adding functionality and features. By clicking update, it is the best way to reduce the likelihood of an attack because those vulnerabilities have been resolved by the developer, closing that back door to the hacker.
WordPress users are especially vulnerable. Most hacked sites haven’t been recently updated, and hackers know this. They tend to target outdated versions of plugins, themes, and PHP because it is easy for them to exploit a vulnerability.
Keep your website safe by updating your website and its features when prompted.