If your website980 Archivespowered by the WordPress page-builder Elementor, double-check if you're using this popular plugin. Because, if you are, hackers can easily stage a complete takeover of your website thanks to a newly discovered security flaw.
Security researchers at Patchstack have released a new reportabout a concerning cybersecurity issue related to the WordPress plugin Essential Addons for Elementor. The plugin provides users with an assortment of pre-built WordPress blocks and templates for use when creating or updating their website.
"This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site," writes Patchstack in its report.
Basically, malicious actors can take advantage of this to reset the password of any user, including the administrator's account. If that latter account's password is reset, a hacker could basically have access to the entire website – backend and all – and take control of the site from its rightful owner. If a targeted website stores user information, this bad actor would have access to and control of that as well.
"This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user," explains Patchstack.
The plugin vulnerability has since been patched and Essential Addons for Elementor users are being urged to update to version 5.7.2. All versions of the plugin prior, going back to version 5.4.0, are affected by the vulnerability. So, be sure to update the plugin!
More than 43 percentof all of the websites on the internet use WordPress. Elementor is a popular website builder for WordPress-powered sites. More than 12 millionWordPress-sites utilize Elementor. According to the WordPress Plugin Directory, more than 1 millionactive websites have the Essential Addons for Elementor installed.
Topics Cybersecurity
(Editor: {typename type="name"/})
No Time for a Negative Peace
Bayer Leverkusen vs. AC Milan 2024 livestream: Watch Champions League for free
NYT Strands hints, answers for October 1
Windows 11 24H2 update : 5 new AI
Hurricane Laura's impact lingered with nightmarish mosquito swarms
Predicting the future is more art than science, yet it's always an interesting exercise to engage in
...[Details]
Prime Big Deal Days 2024: What to buy, and what to avoid buying
Table of ContentsTable of ContentsPrime Day can be overwhelming. No, scratch that, it isoverwhelming
...[Details]
Ohio State vs. MSU football livestreams without cable: kickoff time, streaming deals, and more
Wondering how to watch the Ohio State vs. Michigan State football game? Here's how:
...[Details]
Manchester United vs. Tottenham 2024 livestream: Watch Premier League for free
TL;DR:Watch Manchester United vs. Tottenham in the Premier League with a free trial of Fubo. Sign up
...[Details]
Today's Hurdle hints and answers for May 12, 2025
If you like playing daily word games like Wordle, then Hurdle is a great game to add to your routine
...[Details]
Wordle today: The answer and hints for September 28
Can't get enough of Wordle? Try Mashable's free version now O
...[Details]
The best monster movies of the 2010s
If you spent the 2010s actively popping red balloons, avoiding reading creepy children’s pop-u
...[Details]
September Verizon outage cause: What we know so far
On Monday, tens of thousands of Americans were hit hard by a widespread Verizon outage, leaving the
...[Details]
Amazon Pet Day: All the best deals
Table of ContentsTable of ContentsBest deals from Amazon Pet Day Best automatic feede
...[Details]
Google Pixel 9a leak shows a drastically different look
The Google Pixel 9 basically justcame out, but it's already time to talk about the next one.No, not
...[Details]
Ireland fines TikTok $600 million for sharing user data with China
NYT Strands hints, answers for October 1
接受PR>=1、BR>=1,流量相当,内容相关类链接。