Millions of WordPress Sites at Risk as Hackers Exploit Plugin Vulnerabilities
Hackers are exploiting a critical vulnerability in the Elementor Pro WordPress plugin, which is running on over 12 million sites, to take complete control of websites. The vulnerability allows anyone with an account on the site to create new accounts with full administrator privileges. The flaw was discovered by a security researcher and patched by Elementor last week, but researchers at PatchStack report that the vulnerability is under active exploitation. Users of Elementor Pro should ensure they are running version 3.11.7 or later and check their sites for signs of infection.