WordPress vulnerability puts millions of websites at risk
A plugin put millions of websites at risk, according to research by NinTechNet
A vulnerability in a WordPress plugin put millions of websites built on WordPress at risk, as it allows a malicious actor to log in as an administrator and take control of the site with full privileges.
Elementor Pro is a plugin that lets users create professional-looking web pages easily, without needing to know how to code. It is installed on more than eleven million pages.
Researchers at NinTechNet, a company that develops a web application firewall for WordPress, have identified a vulnerability in Elementor Pro, which was rated “high severity”, as reported on their official blog.
The bug is found in the premium version, and exploiting it requires WooCommerce to be enabled on the website. That gives access to the registration page, where a malicious actor could create an account with administrator privileges.
Jerome Bruandet of NinTechNet discovered the vulnerability on March 18, in version 3.11.6 (and earlier) of Elementor Pro. Patchstack researchers have confirmed that the vulnerability has been actively exploited, so it is recommended to install as soon as possible the fix that Elementor has already prepared (3.11.7), available since March 22.