Researchers have reported that hackers are exploiting a critical vulnerability in a widely used WordPress plugin, which could give them control over millions of websites. The vulnerability has a severity rating of 8.8 out of 10 and is present in Elementor Pro, a plugin that’s integrated by over 12 million WordPress websites.
Jerome Bruandet, a security researcher at NinTechNet, discovered the vulnerability. Elementor has since released a patch for the flaw with version 3.11.7. Bruandet confirmed this development, stating that the vulnerability has been addressed.
The vulnerability can be exploited by an authenticated attacker to create an administrator account, provided that registration is enabled and the default role is set to “administrator”. Other potential exploits include modifying the administrator email address and redirecting traffic to a malicious external website, among other possibilities.
Security researchers from PatchStack have verified that hackers are exploiting the vulnerability in Elementor Pro. This underscores the importance of updating to version 3.11.7 or later if you’re an Elementor Pro user. Older versions are vulnerable to the exploit.
As an added precaution, users should examine their websites for any signs of infection. It’s important to take these steps to mitigate any potential risks associated with the vulnerability.
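One way to run that examination is to compare a site snapshot against known-good values, covering the signs listed above: an unpatched plugin, open registration with an administrator default role, a changed admin email or site URL, and unfamiliar administrator accounts. This is an added example, not code from Elementor, NinTechNet or PatchStack; `users_can_register`, `default_role`, `admin_email`, `siteurl` and `home` are WordPress core option names, while the snapshot layout, the baseline and all sample values are assumptions constructed for illustration.

```python
FIXED = (3, 11, 7)  # patched Elementor Pro release named in the article

def parse_version(text):
    """Turn '3.11.6' into (3, 11, 6), padding short versions with zeros."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugin_version, options, baseline, admins):
    """Return findings for one site snapshot.

    options:  wp_options rows as {option_name: option_value}
    baseline: known-good values recorded before the incident (assumed to exist)
    admins:   (login, registered) pairs for accounts holding the administrator role
    """
    findings = []
    if parse_version(plugin_version) < FIXED:
        findings.append("Elementor Pro %s predates 3.11.7" % plugin_version)
    if options.get("users_can_register") == "1":
        findings.append("registration is enabled")
    if options.get("default_role") == "administrator":
        findings.append("default role is administrator")
    for name in ("admin_email", "siteurl", "home"):
        if options.get(name) != baseline[name]:
            findings.append("%s changed to %r" % (name, options.get(name)))
    for login, registered in admins:
        if login not in baseline["admins"]:
            findings.append("unexpected administrator %s (registered %s)" % (login, registered))
    return findings

# Constructed sample data, not taken from any real site.
BASELINE = {"admin_email": "owner@example.com", "siteurl": "https://shop.example.com",
            "home": "https://shop.example.com", "admins": {"owner"}}
SNAPSHOT = {"users_can_register": "1", "default_role": "administrator",
            "admin_email": "owner@example.com", "siteurl": "https://redirect.example.net",
            "home": "https://shop.example.com"}
ADMINS = [("owner", "2021-04-02"), ("wp_support1", "2023-04-01")]

if __name__ == "__main__":
    for line in audit("3.11.6", SNAPSHOT, BASELINE, ADMINS):
        print("[!]", line)
```

An empty result only means these specific signs are absent from the snapshot; it does not show the site is clean.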