A critical vulnerability found in a widely used WordPress plugin attackers took control of nearly 12 million websites, if abused, according to a statement released last week. The bug was discovered by cybersecurity expert Jerome Bruandet.
According to the NinTechNet researcher, the glitch is affecting Elementor Proallows you to create professional looking websites even without programming skills. The plugin can be exploited when used with the WooCommerce online store builder.
If these conditions are met, anyone with an account on the affected site can create new records by adding administrative privileges. From there, it’s possible to take control of the page by redirecting all its traffic to a bogus website as well as performing other malicious actions.
A WordPress plugin vulnerability being exploited by cybercriminals, as reported by the content management system. According to the report, attacks are carried out over IPs. 193,169,194.63, 193,169,195.64 and 194,135,30.6 and results in uploading of files wp-resortpack.zip, wp-rate.php and lll.zip on hacked pages.
Update to protect yourself
It was reported to the content management platform on March 18, Crash in Elementor Pro plugin already fixed, with the release of a security patch on the 22nd of last month. Site administrators need to upgrade to protect their pages.
Bug affects Elementor Pro version 3.11.6 and earlier, while the update takes the plugin to version 3.11. The platform reported that it alerted all users of the tool and said that users of Ninja Firewall WP Edition and Ninja Firewall WP+ Edition are protected from the flaw.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
