10 Sep 2019

Hackers May Already Be Targeting this Authenticated Persistent XSS Vulnerability in Premium Addons for Elementor

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in the WordPress plugins they may be using, we found that today a hacker looks to be probing for usage of the plugin Premium Addons for Elementor, which has 100,000+ installs, by requesting the file /wp-content/plugins/premium-addons-for-elementor/readme.txt. In looking into what the hacker might be interested in exploiting, we found right away that there is an authenticated persistent cross-site scripting (XSS) vulnerability in the current version of the plugin that is similar to vulnerabilities that hackers have widely exploited recently. We saw other insecure code in the plugin, and there may be additional vulnerabilities.

The plugin registers the function pa_save_maps_settings() to be accessible via WordPress’ AJAX functionality to anyone logged in to WordPress:
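For comparison, here is an added illustrative handler (our example for this post, not the plugin's own code) showing the checks a WordPress AJAX settings handler needs so that a merely logged-in user cannot store attacker-controlled markup: a capability check, a nonce check, sanitization on save, and escaping on output. The "_example" action suffix, the option name, and the field names are assumptions.

```php
<?php
// Illustrative example, not code from Premium Addons for Elementor.
// The action name, option name and field names are assumptions.

// Registering under wp_ajax_ exposes the action to every logged-in user,
// including subscribers, so the callback itself must enforce authorization.
add_action( 'wp_ajax_pa_save_maps_settings_example', 'pa_save_maps_settings_example' );

function pa_save_maps_settings_example() {
    // 1. Authorization: saving plugin settings is an administrative action,
    //    so being logged in is not enough.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 2. CSRF protection: the request must carry a nonce tied to this action.
    //    check_ajax_referer() terminates the request on failure by default.
    check_ajax_referer( 'pa_maps_settings_example', 'nonce' );

    // 3. Input handling: never store raw request data. sanitize_text_field()
    //    strips tags and control characters; a settings value such as an API
    //    key has no legitimate reason to contain markup.
    $api_key = isset( $_POST['api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) ) : '';
    $locale  = isset( $_POST['locale'] ) ? sanitize_key( $_POST['locale'] ) : 'en';

    update_option( 'pa_maps_settings_example', array(
        'api_key' => $api_key,
        'locale'  => $locale,
    ) );

    wp_send_json_success();
}

// 4. Output handling: escape at the point of use regardless of what was
//    stored, so a value that somehow reached the database still cannot run
//    as script in an administrator's browser.
function pa_render_maps_settings_example() {
    $settings = get_option( 'pa_maps_settings_example', array() );
    $api_key  = isset( $settings['api_key'] ) ? $settings['api_key'] : '';
    printf(
        '<input type="text" name="api_key" value="%s">',
        esc_attr( $api_key )
    );
}
```

A handler that omits step 1 lets any subscriber-level account write the option, and omitting steps 3 and 4 is what turns that write into persistent XSS against whoever views the settings page.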