May 23, 2023
On May 12, 2023, just hours after the publication of a vulnerability in the Essential Addons for Elementor plugin, the website of a well known Armenian organization was hacked. The hackers had full access to the WordPress admin panel and were preparing to take further action when the team at CyberHUB-AM “got them”.
This incident is a warning to all organizations with WordPress websites: these days vulnerabilities are exploited very quickly, so it is important to update your plugins and software regularly. WordPress websites are not immune to attack, and they require ongoing maintenance and security updates. Sadly, most Armenian companies see their websites as a refrigerator that you buy and put in the kitchen and forget about it for years.
Getting a website for an organization is a big decition, it means devoting resources to its daily maintenance, updates and security…
NOTE: CyberHUB-AM is offering free support to human rights organizations and independent media that are exposed to this vulnerability or have been hacked. If you have been affected by this incident, don’t hesitate to get in touch.
The vulnerability in the Essential Addons for Elementor plugin, which is installed on over a million WordPress sites, allows hackers to change the admin password and gain full control of the website. The current and secure version of the plugin is 5.7.3. Stop reading this and update right now!
This vulnerability is not unique to Essential Addons for Elementor. Just over a year ago, another serious issue with the same plugin emerged. In that case, the vulnerability allowed hackers to execute arbitrary code on the website.
WordPress is a popular content management system that is used by millions of websites around the world. It is a powerful tool that can be used to create a variety of websites, from simple blogs to complex e-commerce sites.
However, WordPress is also a complex piece of software, and it can be difficult to keep it secure. There are many plugins and themes available for WordPress, and some of them can contain vulnerabilities. It is important to update your WordPress software and plugins regularly to protect your website from attack.
A Shodan scan revelas about 56,525 websites in the Armenian *.am TLD, a significant number of which have WordPress under the hood.
There are a number of things you can do to protect your WordPress website from attack:
By following these tips, you can help to protect your WordPress website from attack.