The vulnerability was discovered by NinTechNet, which assigned a severity rating of 8.8 out of 10. Last week, Elementor released a patch for this vulnerability in version 3.11.7, but according to PatchStack, the vulnerability is actively used by attackers from various IPs. addresses.
The vulnerability exists in a feature that allows anyone with an account on a site that meets certain conditions to create new accounts with full administrative privileges. This means that attackers can gain full control over vulnerable websites, including user data.
Elementor Pro users should make sure they are using version 3.11.7 or later as all previous versions are vulnerable.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
