Security News > 2023 > March > Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.

Elementor Pro is a WordPress page builder plugin allowing users to easily build professional-looking sites without knowing how to code, featuring drag and drop, theme building, a template collection, custom widget support, and a WooCommerce builder for online shops.

It is important to note that for the particular flaw to be exploited, the WooCommerce plugin must also be installed on the site, which activates the corresponding vulnerable module on Elementor Pro.

WordPress security firm PatchStack is now reporting that hackers are actively exploiting this Elementor Pro plugin vulnerability to redirect visitors to malicious domains or upload backdoors to the breached site.

If your site uses Elementor Pro, it is imperative to upgrade to version 3.11.7 or later as soon as possible, as hackers are already targeting vulnerable websites.

Last week, WordPress force-updated the WooCommerce Payments plugin for online stores to address a critical vulnerability that allowed unauthenticated attackers to gain administrator access to vulnerable sites.

News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-elementor-pro-wordpress-plugin-with-11m-installs/