Hackers exploit WordPress plugin flaw that gives full control of millions of sites




Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said.

The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor Pro, a premium plugin running on more than 12 million sites powered by the WordPress content management system. Elementor Pro lets users build high-quality websites with a wide range of tools, one of which works with WooCommerce, a separate WordPress plugin. When both plugins are active on a site, anyone with an account on it—say a subscriber or customer—can create new accounts that have full administrator privileges.

The vulnerability was discovered by Jerome Bruandet, a researcher with security firm NinTechNet. Last week, Elementor, the developer of the Elementor Pro plugin, released version 3.11.7, which patched the flaw. In a post published on Tuesday, Bruandet wrote:


Elementor Pro fixed the vulnerability, but not everyone has installed the patch.
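As an added defender-side check (not code from the article, from Elementor, or from NinTechNet), the following POSIX shell script decides whether an installed Elementor Pro version predates the 3.11.7 fix and, when WP-CLI is available, lists the site's administrator accounts so an unexpected one can be spotted. It assumes plain dotted numeric version strings and that the WP-CLI commands run from the WordPress root.

```shell
# Compare dotted numeric versions: return 0 when $1 is older than $2.
# Numeric comparison per component means 3.9.10 sorts before 3.11.7,
# which a plain string comparison would get wrong.
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    if [ "${ai:-0}" -lt "${bi:-0}" ]; then return 0; fi
    if [ "${ai:-0}" -gt "${bi:-0}" ]; then return 1; fi
  done
  return 1
}

FIXED_VERSION=3.11.7   # the patched release named in the article

# Return 0 when an installed Elementor Pro version still needs the patch.
elementor_pro_needs_patch() {
  version_lt "$1" "$FIXED_VERSION"
}

# Live audit through WP-CLI (assumed installed and run from the WordPress root).
audit_site() {
  if ! command -v wp >/dev/null 2>&1; then
    echo "wp-cli not found; skipping live audit" >&2
    return 0
  fi
  installed=$(wp plugin list --name=elementor-pro --field=version 2>/dev/null || true)
  if [ -z "$installed" ]; then
    echo "Elementor Pro is not installed on this site"
    return 0
  fi
  if elementor_pro_needs_patch "$installed"; then
    echo "Elementor Pro $installed predates $FIXED_VERSION: update immediately"
  else
    echo "Elementor Pro $installed is at or above $FIXED_VERSION"
  fi
  # The flaw lets a low-privileged account mint administrators, so list every
  # administrator with its registration date and review any unfamiliar entry.
  wp user list --role=administrator --fields=ID,user_login,user_email,user_registered
}

audit_site
```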
