Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability

May 14, 2023

‘Essential Addons for Elementor’ has released a patch for a critical vulnerability.

Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering.

The Vulnerability

  • CVE-2023-32243 (CVSS 3.1: 9.8, Critical) – Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor. Successful exploitation may allow a malicious unauthorized actor to gain administrative control of the affected website.

Affected Products

Essential Addons for Elementor: from 5.4.0 through 5.7.1.

Mitigation

CYREBRO recommends updating to the latest plugin version – 5.7.2 as soon as possible.
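
To find which sites in an inventory still run an affected release, the version range above can be checked with a script. The following is an added example, not code from CYREBRO or the plugin's developers; it assumes the plugin's main PHP file carries the standard WordPress `Version:` header, and the site names and header text are constructed samples.

```python
import re

# Affected range as stated in the advisory: 5.4.0 through 5.7.1 (fixed in 5.7.2).
FIRST_AFFECTED = (5, 4, 0)
LAST_AFFECTED = (5, 7, 1)

# WordPress reads plugin metadata from a "Version:" line in the main file's header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Return the header version as a 3-tuple of ints, or None if absent or unparseable."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    parts = match.group(1).split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        return None  # suffixes such as "-beta" are left for manual review
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # "5.4" is treated as 5.4.0


def classify(header_text):
    """Classify one plugin header as 'affected', 'not affected' or 'unknown'."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"  # do not assume a site is safe when the version cannot be read
    in_range = FIRST_AFFECTED <= version <= LAST_AFFECTED
    return "affected" if in_range else "not affected"


def triage(inventory):
    """Map site name -> classification for an inventory of {site: header text}."""
    return {site: classify(header) for site, header in inventory.items()}


# Constructed sample inventory (hypothetical site names and header contents).
SAMPLE = {
    "site-a": "/**\n * Plugin Name: Essential Addons for Elementor\n * Version: 5.7.1\n */",
    "site-b": "/**\n * Plugin Name: Essential Addons for Elementor\n * Version: 5.7.2\n */",
    "site-c": "/**\n * Plugin Name: Essential Addons for Elementor\n * Version: 5.3.2\n */",
    "site-d": "/**\n * Plugin Name: Essential Addons for Elementor\n */",
}

if __name__ == "__main__":
    for site, status in triage(SAMPLE).items():
        print(f"{site}: {status}")
```

Sites reported as `unknown` should be checked by hand, since a missing or non-numeric version header says nothing about whether the installed code is patched.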

References: patchstack
