Bleeping Computer

WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain ...
Searchenginejournal.com

WordPress Elementor Plugin Remote Code Execution Vulnerability

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...
Bleeping Computer

Hackers target vulnerable Wordpress Elementor plugin after PoC released

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account ...
Threat Post

Cyberattackers Exploiting Critical WordPress Plugin Bug

The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued. The Plus Addons for Elementor plugin for WordPress has a critical security ...
Infosecurity-magazine.com

Essential Addons for Elementor XSS Vulnerability Discovered

A critical security vulnerability in Essential Addons for Elementor has been identified, potentially impacting over two million WordPress websites. The flaw, a reflected cross-site scripting (XSS) ...
Searchenginejournal.com

WordPress Metform Elementor Contact Form Builder Plugin Vulnerability

The U.S. government National Vulnerability Database (NVD) issued an advisory about a vulnerability affecting Metform Elementor Contact Form Builder WordPress plugin that could leak sensitive ...
The Hindu

Hackers exploit security bug in a WordPress plugin used by 11 million websites

Threat actors are actively exploiting a security bug in Elementor Pro, a popular WordPress plugin used by over 11 million websites. The security bug allows authenticated users like shop customers or ...