Security News > 2023 > March > Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs
Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.
Elementor Pro is a WordPress page builder plugin allowing users to easily build professional-looking sites without knowing how to code, featuring drag and drop, theme building, a template collection, custom widget support, and a WooCommerce builder for online shops.
It is important to note that for the particular flaw to be exploited, the WooCommerce plugin must also be installed on the site, which activates the corresponding vulnerable module on Elementor Pro.
WordPress security firm PatchStack is now reporting that hackers are actively exploiting this Elementor Pro plugin vulnerability to redirect visitors to malicious domains or upload backdoors to the breached site.
If your site uses Elementor Pro, it is imperative to upgrade to version 3.11.7 or later as soon as possible, as hackers are already targeting vulnerable websites.
Last week, WordPress force-updated the WooCommerce Payments plugin for online stores to address a critical vulnerability that allowed unauthenticated attackers to gain administrator access to vulnerable sites.
News URL
Related news
- Hackers exploit critical RCE flaw in Bricks WordPress site builder (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers target WordPress database plugin active on 1 million sites (source)
- Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data (source)
- Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor (source)
- Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites (source)