"Critical WordPress Plugin Bug Lets Hackers Take Over 1M Sites"
Wordfence's Threat Intelligence team has reported attempts by threat actors to exploit two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins. The abuse of these vulnerabilities can allow attackers to remotely execute arbitrary code and gain full admin access to targeted websites. Attackers can also wipe out an entire website through the exploitation of security flaws. Users must update the Elementor plugins and follow measures, such as checking their sites for any unknown subscriber-level users, in order to ensure that attackers have not already compromised them. This article continues to discuss the potential abuse and impact of critical security bugs discovered in Elementor WordPress plugins, as well as mitigation measures recommended by Wordfence.
Bleeping Computer reports "Critical WordPress Plugin Bug Lets Hackers Take Over 1M Sites"