Vulnerabilities in two plugins threaten millions of WordPress sites

Tom Grant
Last updated: 13 October

Wordfence experts warned that on May 6, hackers began exploiting critical vulnerabilities in the WordPress plugins Elementor Pro and Ultimate Addons for Elementor. The bugs can be used to remotely execute arbitrary code and completely compromise vulnerable sites.

Elementor Pro is a paid plugin with over 1,000,000 active installs. It helps users create their own WordPress sites with built-in theme and widget builders and support for custom CSS solutions.

An RCE vulnerability has been identified in Elementor Pro, and its severity has been upgraded to critical. The bug allows attackers with ordinary user-level access to upload arbitrary files to target sites and to remotely execute arbitrary code on them. At the time the attacks began, this vulnerability was a zero-day.

Analysts write that attackers use this vulnerability to install backdoors and web shells (that is, to give themselves access to compromised sites), gain administrator privileges, and take complete control of the site. If the attackers do not have user access to a site, they can use the second vulnerability, which affects the Ultimate Addons for Elementor plugin, installed on more than 110,000 sites. A flaw in this plugin allows attackers to register as subscribers on any site running the plugin (even if user registration is disabled).

To protect against these attacks, Wordfence recommends that administrators update Elementor Pro to version 2.9.4 as soon as possible, which fixes the RCE vulnerability. Users of Ultimate Addons for Elementor, in turn, need to update the plugin to version 1.24.2 or later, where the problem with registering new users has been fixed.
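To check an installation against the fixed versions named above, the following added example (not from Wordfence or either plugin vendor) reads the `Version:` header of each plugin's main file and compares it numerically. The directory slugs `elementor-pro` and `ultimate-elementor` and the helper names are assumptions, and the sample plugin tree is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# First fixed versions as stated in the article. The directory slugs are
# assumptions about a typical install; adjust them to match your site.
FIXED = {"elementor-pro": "2.9.4", "ultimate-elementor": "1.24.2"}
VERSION_RE = re.compile(r"^[ \t/*#]*Version:[ \t]*([0-9][^\s*]*)", re.I | re.M)

def as_tuple(version, width=4):
    """'2.9.3' -> (2, 9, 3, 0); anything after the dotted number is ignored."""
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", version).group().split(".")][:width]
    return tuple(nums + [0] * (width - len(nums)))

def installed_version(plugin_dir):
    """Return the Version header of the top-level file declaring 'Plugin Name:'."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if "Plugin Name:" in head:
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def audit(plugins_dir):
    """Map each tracked slug to (installed version, status)."""
    report = {}
    for slug, fixed in FIXED.items():
        path = Path(plugins_dir) / slug
        ver = installed_version(path) if path.is_dir() else None
        if not path.is_dir():
            status = "not installed"
        elif ver is None:
            status = "unknown version"
        else:
            status = "vulnerable" if as_tuple(ver) < as_tuple(fixed) else "patched"
        report[slug] = (ver, status)
    return report

def build_sample_tree(root):  # constructed sample data, not a real site
    for slug, ver in (("elementor-pro", "2.9.3"), ("ultimate-elementor", "1.24.2")):
        d = Path(root) / slug
        d.mkdir(parents=True)
        (d / f"{slug}.php").write_text(f"<?php\n/**\n * Plugin Name: {slug}\n * Version: {ver}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for slug, (ver, status) in audit(build_sample_tree(tmp)).items():
            print(f"{slug}: {ver} -> {status}")
```

A plugin that is deactivated but still present on disk is reported too, and an "unknown version" result means the header could not be read and the plugin needs a manual check.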


Source: xaker.ru


TAGGED: PoC, Threats, Vulnerabilities, WordPress, WordPress plugins
Tom Grant October 13, 2022 October 31, 2021