WordPress Elementor Pro: Attention, update immediately

Hackers have managed to find a critical vulnerability in a widely used WordPress plugin that allows them to take complete control of millions of websites.


The vulnerability, which has a severity rating of 8.8 out of a possible 10, exists in Elementor Pro, a premium plugin that runs on more than 12 million websites powered by the WordPress content management system.

Elementor Pro allows users to create high-quality websites using a wide range of tools, one of which is WooCommerce, a separate WordPress plugin. When Elementor Pro is used together with WooCommerce, anyone with an account on the site, for example a non-privileged subscriber, can create new accounts that have full administrative rights.

The vulnerability was discovered by Jerome Bruandet, a researcher at security company NinTechNet. Last week, the developer of Elementor Pro released version 3.11.7, which fixes the problem. In a post published on Tuesday, Bruandet said:

An attacker can exploit the vulnerability to create an administrator account by enabling registration (users_can_register) and setting the default role (default_role) to “administrator”, change the administrator's email address (admin_email), or, as shown below, redirect all traffic to some external malicious website by changing the siteurl, among others:


Researchers from security firm Patchstack report that the vulnerability is being actively exploited right now. So if your blog is running the Elementor Pro plugin, upgrade immediately.
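Updating closes the hole but does not undo changes made before the update, so the settings named in the quote above are worth checking as well. The following script is an added example, not code from the article or from NinTechNet: it compares the plugin version with 3.11.7 and flags suspicious values of users_can_register, default_role, siteurl and admin_email. The plugin slug `elementor-pro`, the expected host and e-mail address, and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: audit the settings named in the advisory quote.
FIXED_VERSION="3.11.7"   # fixed Elementor Pro release, per the article

# version_lt A B: succeeds when dotted numeric version A is older than B.
version_lt() {
  vl_a=$1 vl_b=$2
  for vl_n in 1 2 3 4; do
    vl_x=${vl_a%%.*} vl_y=${vl_b%%.*}
    [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
    [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
    case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a=0 ;; esac
    case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b=0 ;; esac
  done
  return 1
}

# audit_site VERSION USERS_CAN_REGISTER DEFAULT_ROLE SITEURL ADMIN_EMAIL OK_HOST OK_EMAIL
# Prints one finding per line; prints nothing for a clean site.
audit_site() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo "OUTDATED: Elementor Pro $1 is older than $FIXED_VERSION"
  fi
  if [ "$3" = "administrator" ] && [ "$2" = "1" ]; then
    echo "CRITICAL: open registration hands out administrator accounts"
  elif [ "$3" = "administrator" ]; then
    echo "WARNING: default_role is administrator"
  elif [ "$2" = "1" ]; then
    echo "REVIEW: users_can_register is enabled; confirm this is intended"
  fi
  as_host=${4#*://}              # drop the scheme
  as_host=${as_host%%[/:]*}      # drop port and path
  as_host=$(printf '%s' "$as_host" | tr 'A-Z' 'a-z')
  if [ "$as_host" != "$6" ]; then
    echo "CRITICAL: siteurl points at $as_host, expected $6"
  fi
  if [ "$5" != "$7" ]; then
    echo "CRITICAL: admin_email is $5, expected $7"
  fi
  return 0
}

# On a real site the values would come from WP-CLI (plugin slug assumed):
#   audit_site "$(wp plugin get elementor-pro --field=version)" \
#     "$(wp option get users_can_register)" "$(wp option get default_role)" \
#     "$(wp option get siteurl)" "$(wp option get admin_email)" \
#     www.example.com admin@example.com
# Constructed sample values showing the tampering the quote describes:
audit_site 3.11.6 1 administrator "https://redirect.example/" \
  attacker@mail.example www.example.com admin@example.com
```

Any finding other than OUTDATED on a site that has already been updated means the options were changed at some point and the user list should be reviewed for unknown administrator accounts.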


Written by giorgos
