WordPress plugin vulnerability is putting millions of websites in danger
This hack could allow exploiters to gain access to and potentially control millions of websites.
A WordPress exploit is putting millions of websites in danger. According to researchers, hackers are taking advantage of a critical vulnerability in a commonly used WordPress plugin.
This hack could allow exploiters to gain access to and potentially control millions of websites. The vulnerability has a severity rating of 8.8 out of 10 and is present in Elementor Pro, a popular plugin used by more than 12 million websites running the WordPress content management system.
The vulnerability was first discovered by Jerome Bruandet, a security researcher with NinTechNet. Since then, Elementor has released a new version that patches the flaw.
Bruandet wrote that an authenticated attacker can leverage this vulnerability to create an administrator account by enabling registration and changing the default role to ‘administrator’. The same flaw can also be used to change the administrator email address and to redirect traffic to a potentially malicious website, among many other possibilities.
An authenticated attacker can leverage the vulnerability to create an administrator account by enabling registration and setting the default role to “administrator”, change the administrator email address or redirect all traffic to an external malicious website by changing among many other possibilities.
Researchers have also confirmed that the vulnerability is currently being exploited in the wild.
What is Elementor Pro?
Elementor Pro is a plugin that provides a range of features that make it easier for users to build high-quality websites, including integration with WooCommerce, another WordPress plugin. When the vulnerable conditions are met, a customer account can be used to create new accounts with full administrator privileges.
Users of Elementor Pro are advised to ensure that the plugin is updated to the latest version, as earlier versions are exposed to the vulnerability. They are also advised to examine their websites for signs of malicious activity.
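The abuse described above works by rewriting a handful of WordPress options (registration, default role, administrator email, site URL). As an added example, not code from the article, from Elementor or from NinTechNet, the following must-use plugin pins those options at the WordPress layer: it logs and blocks runtime changes to them unless they come from WP-CLI or an explicit override constant, reports drift from a baseline in the dashboard, and lists administrator accounts that are not on a known list. The file path `wp-content/mu-plugins/`, the `PCO_ALLOW_CHANGES` constant and every baseline value are assumptions; replace the placeholder email and URLs with the site's real values.

```php
<?php
/**
 * Plugin Name: Pin Critical Options (constructed example)
 * Description: Blocks and logs changes to the WordPress options an attacker
 *              would flip (registration, default role, admin email, site URLs),
 *              flags drift from a baseline, and lists unexpected administrators.
 *
 * Drop into wp-content/mu-plugins/ (assumed path) so it loads before regular
 * plugins and cannot be deactivated from the dashboard.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/** Baseline values. ASSUMPTION: placeholders, replace with the site's own. */
function pco_baseline() {
    return array(
        'users_can_register' => '0',                       // registration closed
        'default_role'       => 'subscriber',              // never 'administrator'
        'admin_email'        => 'admin@example.invalid',   // placeholder
        'siteurl'            => 'https://example.invalid', // placeholder
        'home'               => 'https://example.invalid', // placeholder
    );
}

/** Block updates to pinned options (except via WP-CLI or an explicit override) and log the attempt. */
foreach ( array_keys( pco_baseline() ) as $pco_option ) {
    add_filter(
        "pre_update_option_{$pco_option}",
        function ( $value, $old_value, $option ) {
            $allowed = ( defined( 'WP_CLI' ) && WP_CLI )
                    || ( defined( 'PCO_ALLOW_CHANGES' ) && PCO_ALLOW_CHANGES ); // assumed constant
            if ( $allowed || $value === $old_value ) {
                return $value;
            }
            error_log( sprintf(
                'pco: blocked change of option "%s" from "%s" to "%s" by user #%d on %s',
                $option,
                is_scalar( $old_value ) ? $old_value : wp_json_encode( $old_value ),
                is_scalar( $value ) ? $value : wp_json_encode( $value ),
                get_current_user_id(),
                isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : 'cli'
            ) );
            return $old_value; // returning the old value makes update_option() a no-op
        },
        10,
        3
    );
}

/** Return options whose live value differs from the baseline (option => expected/actual). */
function pco_audit() {
    $drift = array();
    foreach ( pco_baseline() as $option => $expected ) {
        $actual = get_option( $option );
        if ( (string) $actual !== (string) $expected ) {
            $drift[ $option ] = array( 'expected' => $expected, 'actual' => $actual );
        }
    }
    return $drift;
}

/** Return administrator accounts whose login is not in $known_logins. */
function pco_unexpected_admins( array $known_logins ) {
    $admins = get_users( array(
        'role'   => 'administrator',
        'fields' => array( 'ID', 'user_login', 'user_registered' ),
    ) );
    return array_values( array_filter( $admins, function ( $u ) use ( $known_logins ) {
        return ! in_array( $u->user_login, $known_logins, true );
    } ) );
}

/** Surface drift and unexpected administrators as a dashboard notice. */
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $drift  = pco_audit();
    $admins = pco_unexpected_admins( array( 'siteowner' ) ); // ASSUMPTION: known admin logins
    if ( empty( $drift ) && empty( $admins ) ) {
        return;
    }
    echo '<div class="notice notice-error"><p><strong>Critical configuration drift detected</strong></p><ul>';
    foreach ( $drift as $option => $v ) {
        printf( '<li><code>%s</code> is <code>%s</code>, expected <code>%s</code></li>',
            esc_html( $option ), esc_html( (string) $v['actual'] ), esc_html( (string) $v['expected'] ) );
    }
    foreach ( $admins as $u ) {
        printf( '<li>Unexpected administrator <code>%s</code> (ID %d, registered %s)</li>',
            esc_html( $u->user_login ), (int) $u->ID, esc_html( $u->user_registered ) );
    }
    echo '</ul></div>';
} );
```

The `pre_update_option_{$option}` filter runs before WordPress writes the new value, so returning the old value silently discards the change while the `error_log` line gives the incident responder the user ID and request path that attempted it. This is a compensating control at the WordPress layer, not a replacement for installing the patched Elementor Pro release, which removes the flaw itself.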