Cloud Nord
WordPress Elementor vulnerability patched by BitNinja WAF

BitNinja to Counter WordPress Elementor Pro Vulnerability

A recent discovery of a high-severity vulnerability in the widely used WordPress Elementor Pro plugin has raised concerns about website security. This vulnerability has the potential to allow attackers to gain control of affected websites, posing a serious threat to online presence. In response, BitNinja, a leading cybersecurity company, has developed a new Web Application Firewall (WAF) rule to help safeguard websites from this vulnerability.

/**
 * Register Ajax Actions.
 *
 * Registers ajax action used by the Editor js.
 *
 * @since 3.5.0
 *
 * @param Ajax $ajax
 */
public function register_ajax_actions( Ajax $ajax ) {
	// `woocommerce_update_page_option` is called in the editor save-show-modal.js.
	$ajax->register_ajax_action( 'pro_woocommerce_update_page_option', [ $this, 'update_page_option' ] );
	$ajax->register_ajax_action( 'pro_woocommerce_mock_notices', [ $this, 'woocommerce_mock_notices' ] );
}

The vulnerability in Elementor Pro enables attackers to execute arbitrary code using specially crafted requests, potentially leading to a complete compromise of the website. The issue stems from insufficient validation of user-supplied data in the “template” parameter of the “wp_ajax_elementor_save_template” AJAX action. Fortunately, the plugin’s developers have released a fix in version 3.11.7, and users are strongly advised to update to the latest version as soon as possible to mitigate the risk.
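To find installs that still need the 3.11.7 update across a hosting server, the following added example (not code from BitNinja or Elementor) reads the `Version:` header of each Elementor Pro main plugin file under a directory and flags anything older than the fixed release. The plugin path `wp-content/plugins/elementor-pro/elementor-pro.php` is an assumption based on the default plugin slug, and the sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 11, 7)  # fixed release named in the article
# Assumption: default plugin slug and main file name.
MAIN_FILE = "wp-content/plugins/elementor-pro/elementor-pro.php"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(header_text):
    """Return the plugin header version as a tuple of ints, or None."""
    match = VERSION_RE.search(header_text)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(root):
    """Map each site under root (relative path) to (version, status)."""
    root = Path(root)
    results = {}
    for main in sorted(root.rglob(MAIN_FILE)):
        site = main.parents[3].relative_to(root).as_posix()
        # WordPress reads plugin headers from the first 8 KiB of the file.
        with open(main, "rb") as fh:
            head = fh.read(8192).decode("utf-8", "replace")
        version = parse_version(head)
        if version is None:
            status = "unknown"
        else:
            status = "needs-update" if version < FIXED else "fixed"
        results[site] = (version, status)
    return results


def build_sample(root, versions):
    """Create constructed sample sites: {site_name: header version}."""
    for site, ver in versions.items():
        main = Path(root, site, MAIN_FILE)
        main.parent.mkdir(parents=True)
        main.write_text(f"<?php\n/**\n * Plugin Name: Elementor Pro\n * Version: {ver}\n */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, {"siteA": "3.11.6", "siteB": "3.11.7"})
        for site, (ver, status) in audit(tmp).items():
            print(site, ".".join(map(str, ver)), status)
```

A site reported as `unknown` has a plugin file whose header could not be parsed and should be checked by hand.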

However, even with the latest update, there is still a risk that attackers may attempt to exploit this vulnerability on websites. To provide an additional layer of protection, BitNinja has introduced a new WAF rule designed to block requests that match the pattern used by attackers to exploit the Elementor Pro vulnerability. This means that if an attacker tries to exploit the vulnerability on a website protected by BitNinja’s WAF, the malicious request will be detected and blocked, preventing the execution of arbitrary code on the server.

One of the significant advantages of BitNinja’s WAF rule is its full compatibility with the latest version of Elementor Pro. Users can rest assured that they are protected against the vulnerability without sacrificing any of the plugin’s features. Enabling the WAF module in the BitNinja dashboard, if it was not already turned on, allows BitNinja users to take advantage of this new rule and enhance their website security.

In today’s digital landscape, cybersecurity is of utmost importance, and vulnerabilities like the one found in Elementor Pro can pose significant risks to websites. BitNinja remains committed to providing its users with the most advanced security solutions, and their new WAF rule is a testament to that commitment. Whether you are already a BitNinja user or considering trying their platform, you can experience the peace of mind that comes with knowing your server and website are protected against potential vulnerabilities.

BitNinja’s new WAF rule can help you safeguard your website from the recently discovered vulnerability in the popular WordPress Elementor Pro plugin. Our team at BitNinja is constantly working to develop innovative ways to protect our users, and our WAF rule is designed to block malicious requests that exploit this vulnerability. Updating to the latest version of Elementor Pro is critical, but having an additional layer of protection with BitNinja’s WAF rule can further prevent attackers from executing arbitrary code on your server. Plus, our WAF rule is fully compatible with the latest version of Elementor Pro, ensuring that you can protect your website without sacrificing any plugin features. Choose BitNinja for advanced security solutions and experience peace of mind knowing your servers and websites are secure. Get your BitNinja license now!
