In March 2023, a critical security flaw (CVE-2023-32243) was discovered in Elementor Pro, allowing hackers to control WordPress sites with WooCommerce enabled.

The vulnerability allowed malicious users to turn on the registration page, set the default user role to administrator according to Patchstack, and potentially redirect the site to another malicious domain or install plugins or backdoors.

While this flaw only impacted versions 3.11.6 and earlier, it was addressed by Elementor in version 3.11.7, released on March 22. Despite the fix, active exploitation attempts were detected by Patchstack, and any WordPress sites that were not promptly updated remained vulnerable.

The State of WordPress Security

With over 5 million WordPress sites using Elementor Pro, even a small fraction of users unaware of this vulnerability or failing to update to the latest version could risk hundreds or even thousands of sites. This incident stands as a stark reminder of the importance of keeping up to date on vulnerabilities & updates for those of us in the WordPress community.

Now, some of you might be thinking, such vulnerabilities can’t be commonplace, can they?

The truth is far from that.

In the larger context, the number of new vulnerabilities

[…]

Introducing WordPress Vulnerability Scanner by Patchstack Keep Reading »
#Blogging #WordPress #BloggingTips #BlogChat