Security News > 2023 > April > Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress.
The premium plugin is estimated to be used on over 12 million sites.
Successful exploitation of the high-severity flaw allows an authenticated attacker to complete a takeover of a WordPress site that has WooCommerce enabled.
Users of the Elementor Pro plugin are recommended to update to 3.11.7 or 3.12.0, which is the latest version, as soon as possible to mitigate potential threats.
The advisory comes over a year after the Essential Addons for Elementor plugin was found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
Last week, WordPress issued auto-updates to remediate another critical bug in the WooCommerce Payments plugin that allowed unauthenticated attackers to gain administrator access to vulnerable sites.
News URL
https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- The 4 WordPress flaws hackers targeted the most in Q1 2025 (source)
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Hackers abuse WordPress MU-Plugins to hide malicious code (source)