WordPress Plugin Vulnerability Puts Millions Of Websites At Risk

by | 04-04-2023

Elementor Pro is a popular plugin that is running on more than 11 million WordPress sites at the moment. It allows developers to create exquisite websites and enables a handful of features. It has now been discovered that there is an extremely critical vulnerability in Elementor Pro which allows perpetrators to gain complete control of any WordPress site using this extension.

As per the sources, this vulnerability was first discovered by a NinTechNet researcher named Jerome Bruandet. Meanwhile, other researchers have also highlighted that the vulnerability is currently being exploited by attackers, with compromised files uploaded to several websites.

As for the issue itself, the vulnerability is the result of broken access control in the plugin's WooCommerce module. It allows unauthorized users to modify the WordPress database, with serious consequences. Bruandet revealed in his blog that this flaw allows any authenticated or unauthorized person to leverage the vulnerability and create an administrator account to elevate privileges. For the vulnerability to be exploited, both the Elementor Pro and WooCommerce plugins must be installed on the WordPress site.

Acknowledging the presence of this lethal vulnerability, the developer of Elementor acted swiftly and released a patch in version 3.11.7 to counter the threat. But the problem is far from over.

Not all users and developers have upgraded their WordPress sites, and any website using Elementor version 3.11.6 or lower has a potentially dangerous flaw that can be exploited by hackers with catastrophic outcomes.
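The exposure condition described above (a release below 3.11.7 together with WooCommerce) can be checked across a fleet of sites. The following is an added example, not code from the article or from Elementor: it assumes the JSON printed by WP-CLI's `wp plugin list --format=json` as input and the default plugin slugs `elementor-pro` and `woocommerce`; the host names and sample listings are constructed.

```python
import json
import re

PATCHED = (3, 11, 7)             # fixed release named in the article
ELEMENTOR_PRO = "elementor-pro"  # assumption: default plugin slug
WOOCOMMERCE = "woocommerce"      # assumption: default plugin slug


def parse_version(text):
    """Turn '3.11.6' or '3.9' into a tuple of three ints for comparison."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))


def assess(plugin_list_json):
    """Classify one site from its `wp plugin list --format=json` output."""
    plugins = {p["name"]: p for p in json.loads(plugin_list_json)}
    pro = plugins.get(ELEMENTOR_PRO)
    if pro is None:
        return "not-affected"
    # Compare numerically: as strings, "3.9.2" would sort above "3.11.7".
    if parse_version(pro["version"]) >= PATCHED:
        return "patched"
    # Below 3.11.7: the article's precondition also needs WooCommerce.
    return "exposed" if WOOCOMMERCE in plugins else "outdated"


def audit(sites):
    """Map each host to its verdict."""
    return {host: assess(listing) for host, listing in sites.items()}


def sample(versions):
    """Build a constructed WP-CLI style listing from {slug: version}."""
    return json.dumps([{"name": n, "status": "active", "update": "none",
                        "version": v} for n, v in versions.items()])


# Constructed sample data, one listing per site.
SAMPLES = {
    "shop.example": sample({"elementor-pro": "3.11.6", "woocommerce": "7.5.1"}),
    "old.example": sample({"elementor-pro": "3.9.2", "woocommerce": "7.5.1"}),
    "blog.example": sample({"elementor-pro": "3.11.6"}),
    "fixed.example": sample({"elementor-pro": "3.11.7", "woocommerce": "7.5.1"}),
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(f"{host}: {verdict}")
```

Sites reported as `outdated` still need the update to 3.11.7, since WooCommerce may be installed later.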

Muhammad Mustafa is an experienced content writer with expertise in SEO. With a background in Software Engineering, Mustafa combines his knowledge of various technology stacks with a passion for writing. Besides writing, he loves cricket and traveling.
