May 14, 2023
Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability
‘Essential Addons for Elementor’ has released patch for a critical vulnerability.
Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering.
- CVE-2023-32243 (CVSS 3.1: 9.8, Critical) – Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor, successful exploitation may allow a malicious unauthorized actor to gain administrative control on the affected website.
Essential Addons for Elementor: from 5.4.0 through 5.7.1.
CYREBRO recommends updating to the latest plugin version – 5.7.2 as soon as possible.