Recently, security researchers have warned about a critical vulnerability found in the Elementor Pro plugin, a popular add-on used by over 12 million websites that use WordPress as their content management system. According to reports, hackers are exploiting this vulnerability, which could potentially enable them to gain full control of millions of websites.
The security flaw, with a severity rating of 8.8 out of 10, was discovered by security researcher Jerome Bruandet of NinTechNet. The flaw allows an authenticated attacker to create a new administrator account with complete control over the website by meeting certain conditions, such as having a user account on the site. The hacker can also change the administrator email address or redirect traffic to an external malicious website.
READ MORE: Top Best Online Course Platforms in Pakistan
In addition, researchers from PatchStack, a separate security firm, have confirmed that hackers are actively exploiting this vulnerability. Therefore, it is essential for Elementor Pro users to ensure that their plugin is updated to version 3.11.7 or above. Any earlier version of the plugin is vulnerable to exploitation, and it is recommended that users scan their websites for any signs of infection.
Elementor has since released a patch to address the security flaw, and users are advised to update their plugins as soon as possible to protect their websites from potential compromise. With the widespread use of Elementor Pro, the consequences of this vulnerability could be devastating for millions of WordPress websites. It is crucial for website owners to take the necessary steps to safeguard their online presence against this threat.
