Hackers have been exploiting a vulnerability in the Elementor Pro WordPress plugin, which has over 11 million installs. The bug was discovered by researchers at Wordfence and is being actively exploited in the wild.
Elementor Pro is a popular page builder plugin for WordPress that allows users to easily create custom designs for their websites without needing any coding knowledge. It also provides features such as drag-and-drop editing, live previews of changes, and access to hundreds of free templates.
The vulnerability affects all versions of Elementor Pro prior to 2.9.4 and can be used by attackers to gain full control over vulnerable sites. This includes creating new accounts with administrator privileges or executing malicious code on the site’s server side. Attackers can then use these privileges to steal sensitive data from the website or inject malware into it. That malware could spread to other websites hosted on the same server, or to sites connected to it through shared resources like databases or file systems.
Wordfence researchers first became aware of this issue when they noticed an increase, since mid-April 2021, in attacks targeting vulnerable sites using this exploit. They believe that attackers are likely scanning for vulnerable sites using automated tools and then attempting to exploit them manually once they find one that is susceptible to attack due to the outdated version of Elementor Pro installed on it.
To protect against this vulnerability, users should update their version of Elementor Pro immediately if they haven’t already done so (version 2.9.4, released April 28th). Additionally, administrators should ensure that all plugins are kept up to date and regularly scan their websites for signs of compromise, such as unexpected files appearing on disk or suspicious database entries being added without authorization. Finally, admins should consider implementing additional security measures such as two-factor authentication (2FA), which adds an extra layer of protection against unauthorized access attempts even if someone were able to get past your initial login credentials somehow.
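As an added illustration of the checks recommended above (not code from the article, Wordfence or Elementor), the following Python sketch flags a plugin header older than the 2.9.4 release named in the article and lists administrator accounts that are not on a site's allowlist. The header text, the user rows, the comma-separated `roles` format and all function names are constructed assumptions.

```python
import re

FIXED_VERSION = (2, 9, 4)  # first fixed release according to the article

# Constructed sample input: a plugin header comment and an exported user list.
SAMPLE_HEADER = """/**
 * Plugin Name: Elementor Pro
 * Version: 2.9.3
 */"""
SAMPLE_USERS = [
    {"user_login": "site-owner", "roles": "administrator"},
    {"user_login": "editor1", "roles": "editor"},
    {"user_login": "wp-support-7", "roles": "administrator"},
]

def parse_plugin_version(header_text):
    """Return the 'Version:' header field as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)",
                  header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def needs_update(header_text):
    """True when the version predates FIXED_VERSION or cannot be read."""
    version = parse_plugin_version(header_text)
    if version is None:
        return True  # fail closed: an unreadable version gets a manual look
    # Pad so (2, 9) compares as 2.9.0. Comparing integer tuples avoids the
    # string-comparison trap where "2.10.0" sorts before "2.9.4".
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION

def unexpected_admins(users, known_admins):
    """Logins holding the administrator role that are not allowlisted."""
    return sorted(
        u["user_login"] for u in users
        if "administrator" in u["roles"].split(",")
        and u["user_login"] not in known_admins
    )

if __name__ == "__main__":
    print("update needed:", needs_update(SAMPLE_HEADER))
    print("review accounts:", unexpected_admins(SAMPLE_USERS, {"site-owner"}))
```

An account flagged by the second check is a lead for review, not proof of compromise; the allowlist has to come from the site owner's own records.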
In response to reports about this issue, the developers behind Elementor released a patch addressing it within 24 hours of learning about it from Wordfence’s report. They also recommend updating any affected installations immediately in order to keep them secure from potential exploitation attempts going forward.
It’s important for webmasters running WordPress-powered websites to take the steps necessary to stay safe online, especially those who rely heavily on third-party plugins like Elementor Pro to manage content creation tasks quickly and efficiently without having to worry too much about the technical details involved in the process itself. By keeping software up to date and making sure only trusted sources are used to install extensions onto the system, administrators can significantly reduce the risk of falling victim to cyberattacks while still enjoying the benefits modern technologies offer us today.
Hackers Exploit Bug In Popular WordPress Plugin | Security | BleepingComputer
Attackers Use Abandoned Plugin To Backdoor Websites
In recent news, attackers have been using an abandoned WordPress plugin to backdoor websites. This malicious activity was first reported by security researchers at Wordfence