Security News > 2021 > March > Cyberattackers Exploiting Critical WordPress Plugin Bug
The Plus Addons for Elementor plugin for WordPress has a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website.
"If you are using The Plus Addons for Elementor plugin, we strongly recommend that you deactivate and remove the plugin completely until this vulnerability is patched," researchers said.
WordPress plugins continue to offer an attractive avenue of attack for cybercriminals.
In January, researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.
A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers.
In February, an unpatched, stored cross-site scripting security bug was found to potentially affect 50,000 Contact Form 7 Style plugin users.
News URL
https://threatpost.com/cyberattackers-exploiting-critical-wordpress-plugin-bug/164663/
Related news
- WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites (source)
- WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw (source)
- Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (source)
- Critical flaw in LayerSlider WordPress plugin impacts 1 million sites (source)