Introducing WordPress Vulnerability Scanner by Patchstack

In March 2023, a critical security flaw (CVE-2023-32243) was discovered in Elementor Pro, allowing hackers to control WordPress sites with WooCommerce enabled.

The vulnerability allowed malicious users to turn on the registration page and, according to Patchstack, set the default user role to administrator, and potentially redirect the site to another malicious domain or install plugins or backdoors.

The flaw impacted only versions 3.11.6 and earlier and was addressed by Elementor in version 3.11.7, released on March 22. Despite the fix, Patchstack detected active exploitation attempts, and any WordPress sites that were not promptly updated remained vulnerable.

The State of WordPress Security

With over 5 million WordPress sites using Elementor Pro, even a small fraction of users unaware of this vulnerability or failing to update to the latest version could put hundreds or even thousands of sites at risk. This incident stands as a stark reminder of the importance of keeping up to date on vulnerabilities and updates for those of us in the WordPress community.

Now, some of you might be thinking, such vulnerabilities can’t be commonplace, can they?

The truth is far from that.

In the larger context, the number of new vulnerabilities

[…]


A WordPress Commenter
