Security News > 2020 > May > Elementor Plugin Vulnerabilities Exploited to Hack WordPress Sites
Threat actors are actively targeting a vulnerability in the Elementor Pro plugin for WordPress to compromise websites, WordPress security company Defiant warned this week.
With an estimated install base of over 1 million websites, Elementor Pro is the paid version of the free Elementor plugin, a drag and drop page builder.
Only Elementor Pro, which is available as a separate download, is impacted by the vulnerability.
If the site does not have user registration enabled, the attackers are attempting to exploit a recently patched vulnerability in the Ultimate Addons for Elementor plugin, which allows them to bypass registration and create subscriber accounts.
Ultimate Addons for Elementor version 1.24.2 addresses the registration bypass flaw and users are advised to update as soon as possible, especially if they use the plugin alongside Elementor Pro.