"Hackers Target Vulnerable WordPress Elementor Plugin After PoC Released"

In massive Internet scans, hackers are actively searching for vulnerable versions of the Essential Addons for Elementor plugin on thousands of WordPress websites in an attempt to exploit a recently disclosed critical account password reset vulnerability. The vulnerability, tracked as CVE-2023-32243, affects Essential Addons for Elementor versions 5.4.0 to 5.7.1 and allows unauthenticated attackers to reset the passwords of administrator accounts and take control of the impacted websites. The vulnerability, which affected over one million websites, was discovered by Patchstack on May 8, 2023, and fixed by the vendor on May 11 with the release of version 5.7.2 of the plugin. However, researchers published a proof-of-concept (PoC) exploit on GitHub on May 14, making it widely accessible to attackers. Wordfence reported observing millions of probes for the plugin's presence on websites and blocking at least 6,900 exploitation attempts. This article continues to discuss hackers actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites.

Bleeping Computer reports "Hackers Target Vulnerable WordPress Elementor Plugin After PoC Released"

 
