Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites (Security News, March 2021)
Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios.
The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site.
"If an administrator reviewed a post containing malicious JavaScript, their authenticated session with high-level privileges could be used to create a new malicious administrator, or to add a backdoor to the site. An attack on this vulnerability could lead to site takeover."
Separately, an authenticated remote code execution vulnerability was discovered in WP Super Cache that could allow an adversary to upload and execute malicious code with the goal of gaining control of the site.
The plugin is reported to be used on more than two million WordPress sites.
It's highly recommended that users of the plugins update to the latest versions to mitigate the risk associated with the flaws.