April 2, 2023
Critical WordPress “Elementor” Plugin Site-Takeover Vulnerability
‘Elementor’ has released patch for a critical vulnerability, affecting the ‘Elementor’ WordPress page builder plugin.
Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering.
- Authentication bypass and privilege escalation vulnerability in the WooCommerce plugin module used by the Elemntor plugin, which enabled unauthenticated attackers to impersonate any user on the website and then be used to gain full access to the site’s administrator account.
WordPress Elementor Plugin Versions 3.11.6 and below
CYREBRO recommends updating to the latest plugin version – 3.12.0 as soon as possible.
References: Elementor Advisory