Vulnerability in Elementor has affected millions of WordPress Websites

One way a WordPress website becomes prone to hacking is through vulnerable plugins. That is why plugins need to be managed carefully and kept up to date. A recent security check by researchers at Wordfence found a vulnerability in the popular WordPress plugin Elementor.


Vulnerability in Elementor

Elementor is a free WordPress plugin for building websites. It has over 5 million active installs, and all of these websites may be prone to attack because of this vulnerability. The vulnerability in Elementor was detected in early February, and it has now resurfaced in Elementor’s add-on plugins.

There are over 15 add-on plugins for Elementor, and they are installed on millions of websites too. The add-on plugins extend the functionality of the website builder. However, it is estimated that these millions of websites are now prone to attack.

The issue is cross-site scripting (XSS), which allows malicious scripts to execute when a user loads a webpage. The flaw arose because the heading tags were not validated on the server side, which allowed unauthorized access to the affected website. This in turn lets an attacker add executable JavaScript code, which can create a malicious admin account.

Once the admin credentials are obtained, the attacker can take over the whole site. So the site's security depends on how secure its credentials are.
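A server-side check of the kind whose absence is described above, as an added example that is not Elementor's or any add-on's own code. The function names, the h1 to h6 allowlist and the sample inputs are assumptions made for illustration, written in plain PHP with no WordPress functions.

```php
<?php
// Added example: a hypothetical heading renderer, not Elementor code.

// Assumption: a heading widget may only ever render as one of these tags.
const ALLOWED_HEADING_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'];

/**
 * Return the requested tag if it is on the allowlist, otherwise the fallback.
 * The value is treated as untrusted because it arrives in a saved setting.
 */
function validate_heading_tag($requested, string $fallback = 'h2'): string
{
    if (!is_string($requested)) {
        return $fallback;
    }
    $tag = strtolower(trim($requested));
    // Strict comparison against known tag names; nothing else passes through.
    return in_array($tag, ALLOWED_HEADING_TAGS, true) ? $tag : $fallback;
}

/**
 * Build the heading markup from a validated tag and an escaped text body.
 */
function render_heading($tag, string $text): string
{
    $safe_tag  = validate_heading_tag($tag);
    $safe_text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<{$safe_tag}>{$safe_text}</{$safe_tag}>";
}

// Constructed sample settings, as they might arrive from an editor request.
$samples = [
    ['h3', 'Pricing'],                 // valid tag, kept
    ['H1', 'Welcome'],                 // normalised to lower case, kept
    ['script', 'x'],                   // not a heading tag, replaced by fallback
    ['h2 onmouseover=x', 'Hover'],     // tag with an attribute appended, replaced
    [null, 'A <b>bold</b> title'],     // missing tag, and markup in text is escaped
];

foreach ($samples as [$tag, $text]) {
    echo render_heading($tag, $text), PHP_EOL;
}
```

The same allowlist has to be applied wherever the setting is saved and wherever it is rendered, since a check made only in the browser-side editor can be bypassed by sending the request directly.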

Suggested remedy

Since the attack is carried out through a plugin vulnerability, it is best to address the issue in the affected plugins first. Updating the affected plugins is the primary remedy. However, you will not have to worry about it if the site’s credentials are not compromised.

Also, you can install the Wordfence security plugin to help protect against the issue.
