Security News > 2021 > March > Cyberattackers Exploiting Critical WordPress Plugin Bug

Cyberattackers Exploiting Critical WordPress Plugin Bug
2021-03-10 20:25

The Plus Addons for Elementor plugin for WordPress has a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website.

"If you are using The Plus Addons for Elementor plugin, we strongly recommend that you deactivate and remove the plugin completely until this vulnerability is patched," researchers said.

WordPress plugins continue to offer an attractive avenue of attack for cybercriminals.

In January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.

A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers.

In February, an unpatched, stored cross-site scripting security bug was found to potentially affect 50,000 Contact Form 7 Style plugin users.


News URL

https://threatpost.com/cyberattackers-exploiting-critical-wordpress-plugin-bug/164663/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159
Plugin 2 0 13 1 0 14