"Elementor Fixes Critical Bug in Popular WordPress Plugin"

The developer of a popular WordPress plugin has updated its product to fix a critical vulnerability that could be exploited to change the appearance of websites. Elementor is marketed as a leading website building platform for WordPress, enabling over five million users to easily create websites for themselves or their business without writing any code. Last week, researchers at security firm Plugin Vulnerabilities discovered suspicious activity related to the plugin. The researchers found that the plugin was not handling basic security correctly. After further testing, they found that the bug was introduced in version 3.6.0 of the plugin, released on March 22, meaning around 1.5 million users were impacted. The researchers warned that the vulnerability can be exploited by authenticated attackers with access to the WordPress admin dashboard and can also be used by threat actors who are not logged in. Elementor has now released version 3.6.3 to fix the issue, and users are urged to download it. K2 Cyber Security CEO Pravin Madhani said organizations running WordPress sites must layer up security. Madhani also stated that organizations using WordPress should make sure they use security in depth, including application, network, and system level security, for maximum protection.

 

Infosecurity reports: "Elementor Fixes Critical Bug in Popular WordPress Plugin"
