A critical unauthenticated arbitrary file upload vulnerability has been discovered in the Royal Elementor Addons and Templates plugin for WordPress.

This vulnerability allows attackers to upload arbitrary files to vulnerable websites without having to authenticate.

A majority of the attacks appear to be coming from just the following three IP addresses:

  • 65.21.22.78 with 33,255 attacks blocked.
  • 2a01:4f9:3080:4eea::2 with 12,289 attacks blocked.
  • 135.181.181.50 with 206 attacks blocked.

According to Wordfence researchers, attackers appear to have been attempting to place two files: b1ack.p$hp, which has an MD5 hash of 1635f34d9c1da30ff5438e06d3ea6590 and can be used to place additional PHP files on the site, and wp.ph$p, which has an MD5 hash of bac83f216eba23a865c591dbea427f22 and inserts a malicious administrator.

b1ack.p$hp contains the following code:

wp.ph$p contains the following code:


The Royal Elementor Addons and Templates plugin has over 200,000 active installations, which means that a large number of websites are potentially vulnerable to this attack.
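To check a site against the indicators listed above, the following added example (not code from Wordfence or from this article) sweeps a directory tree for the two reported MD5 hashes and filenames and counts access-log requests from the three reported addresses. The function names are hypothetical, and the log parser assumes the client IP is the first whitespace-separated field, as in the common and combined log formats.

```python
import hashlib
import ipaddress
from collections import Counter
from pathlib import Path

# Indicators copied from the article above.
IOC_MD5 = {
    "1635f34d9c1da30ff5438e06d3ea6590": "b1ack.p$hp",
    "bac83f216eba23a865c591dbea427f22": "wp.ph$p",
}
IOC_NAMES = set(IOC_MD5.values())
IOC_IPS = {ipaddress.ip_address(a) for a in
           ("65.21.22.78", "2a01:4f9:3080:4eea::2", "135.181.181.50")}

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large media files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_tree(root):
    """Return sorted (path, reason) findings; a hash match holds even after a rename."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.is_symlink():
            continue
        try:
            file_hash = md5_of(path)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if file_hash in IOC_MD5:
            findings.append((str(path), "md5 matches " + IOC_MD5[file_hash]))
        elif path.name in IOC_NAMES:
            findings.append((str(path), "filename matches IoC"))
    return sorted(findings)

def count_ioc_hits(log_lines):
    """Count requests per IoC address; parsing the IP normalises IPv6 spellings."""
    hits = Counter()
    for line in log_lines:
        try:
            addr = ipaddress.ip_address(line.split(None, 1)[0])
        except (IndexError, ValueError):
            continue  # blank line, or first field is not an IP address
        if addr in IOC_IPS:
            hits[str(addr)] += 1
    return hits
```

Run `scan_tree` against the WordPress document root and feed `count_ioc_hits` the lines of the web server access log; any finding warrants a review of the site's administrator accounts.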
