Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress.
The premium plugin is estimated to be used on over 12 million sites.
Successful exploitation of the high-severity flaw allows an authenticated attacker to completely take over a WordPress site that has WooCommerce enabled.
Users of the Elementor Pro plugin are advised to update to 3.11.7 or 3.12.0, which is the latest version, as soon as possible to mitigate potential threats.
The advisory comes over a year after the Essential Addons for Elementor plugin was found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
Last week, WordPress issued auto-updates to remediate another critical bug in the WooCommerce Payments plugin that allowed unauthenticated attackers to gain administrator access to vulnerable sites.
News URL
https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html