• Home
  • News
    • AI News
    • Crypto News
  • A.I
  • Phones
  • Tech Guides
    • Apps
    • Mac
    • Social Media
    • Tips and Tricks
Tech Tout
Google News
No Result
View All Result
  • Home
  • News
    • AI News
    • Crypto News
  • A.I
  • Phones
  • Tech Guides
    • Apps
    • Mac
    • Social Media
    • Tips and Tricks
Tech Tout
Follow on Google News
No Result
View All Result
Tech Tout
No Result
View All Result

Millions of WordPress sites at risk from Hackers exploiting Elementor Pro vulnerability

Hackers actively exploiting flaw that allows complete takeover of vulnerable WordPress sites using WooCommerce.

Web Desk by Web Desk
April 1, 2023
in Hacker News, Security
A laptop with WordPress logo placed on a surface

Image via Unsplash

141
SHARES
1.3k
VIEWS
Share on FacebookShare on Twitter
Summary: Hackers are exploiting a security vulnerability in the Elementor Pro website builder plugin for WordPress, which is estimated to be used on over 12 million sites. The flaw allows attackers to create an account with administrator privileges and potentially take over a WordPress site. Users are advised to update to the latest version of the plugin to mitigate the risk of potential threats.

Unknown attackers are exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress, putting millions of sites at risk. The flaw affects versions 3.11.6 and earlier and was fixed by the plugin maintainers in version 3.11.7. The vulnerability is a case of broken access control, allowing an authenticated attacker to take over a WordPress site that has WooCommerce enabled, giving them administrator privileges. Users of the plugin are urged to update to version 3.11.7 or 3.12.0 as soon as possible.

settings change wordpress sites being actively exploited thanks to plugins

NinTechNet security researcher Jerome Bruandet discovered and reported the vulnerability on March 18, 2023. Patchstack has noted that the flaw is being exploited in the wild from several IP addresses, with attackers attempting to upload arbitrary PHP and ZIP archive files. If exploited, a malicious user could turn on the registration page (if disabled) and set the default user role to administrator. This would allow them to create an account that instantly has the administrator privileges. They could then redirect the site to another malicious domain or upload a malicious plugin or backdoor to further exploit the site.

leak wordpress sites being actively exploited thanks to plugins

This is not the first time a vulnerability has been discovered in an Elementor plugin. The Essential Addons for Elementor plugin was found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. WordPress also issued auto-updates to remediate another critical bug in the WooCommerce Payments plugin that allowed unauthenticated attackers to gain administrator access to vulnerable sites.

Tags: ElementorWordPress
Share56Tweet35Pin15
Previous Post

Ford F-150 Lightning now starts at a higher price of $20K

Next Post

Breaking News: Twitter logo changed to DogeCoin’s Dog face

Web Desk

Web Desk

The article is written and edited by a member of TechTout's web desk. The team members are comprised of tech geeks, and enthusiasts, who have a passion for technology and writing.

Related Posts

A black and white photo of a person wearing anonymous mask

Major security vulnerabilities found in Google Pixel, Samsung, and Vivo phones

March 31, 2023
Twitter with SMS 2FA won't be same anymore

Last day to keep Twitter’s SMS 2FA authentication

March 20, 2023
Next Post
Doge dog with elon musk a design of manipulated image of them going to moon

Breaking News: Twitter logo changed to DogeCoin's Dog face

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending

  • Trending
  • Comments
  • Latest
username doesn't belong error on instagram fixed

How to fix “The username you entered doesn’t belong to an account” error on Instagram

January 23, 2023
Instagram dark mode guide

How to enable dark mode on Instagram 2023

January 22, 2023
Doge dog with elon musk a design of manipulated image of them going to moon

Breaking News: Twitter logo changed to DogeCoin’s Dog face

April 3, 2023 - Updated on April 7, 2023
A photo of facebook page opened in an Android smartphone showing new Facebook page experience update

Facebook’s new “Pages experience” finally replaces classic pages

January 31, 2023
How to privately reply to a WhatsApp group message

How to privately reply to a WhatsApp group message

September 30, 2020 - Updated on January 1, 2022
A photo of a person using Instagram on iPhone, showing Instagram stories decorations

Creative ways to decorate Instagram story in 2023

February 10, 2023
Instagram login page

How to recover your Instagram deleted messages and data

August 25, 2020 - Updated on January 1, 2022
username doesn't belong error on instagram fixed

How to fix “The username you entered doesn’t belong to an account” error on Instagram

6
high angle photo of a mobile

Latest Instagram Tips and Tricks 2023

1
instagram story photos

How to add multiple photos on your Instagram story

0
A photo of Snapchat ghost wearing a black cap for how to get Snapstreaks back

How to get your Snapstreaks back after losing them

0
Instagram login page

How to recover your Instagram deleted messages and data

0
Samsung Galaxy Note 20 and Note 20 Ultra

Galaxy Note 20 Ultra: Specs, release date, price, and more

0
A photo of a person using Instagram on iPhone, showing Instagram stories decorations

Creative ways to decorate Instagram story in 2023

0
Best iPhones browsers

10 Best Browsers for iPhone in 2023

May 29, 2023
Meta Quest 2 VR headsets

Meta’s Quest 3 VR headset rumored to incorporate color cameras for enhanced pass-through experience

May 29, 2023
Instagram logo in a phone placed on a table

Instagram is back online following a short outage!

May 21, 2023
A 3d render of Instagram logo

Global Instagram outage leaves users unable to access stories and app

May 21, 2023
Best metal body laptops on Amazon

Best Metal Gaming Laptops 2023

May 21, 2023
Blue Origin new Glenn forward module

NASA selects Jeff Bezos’ company for Artemis V Moon landing system

May 20, 2023
Meta and Twitter

Meta to unveil Twitter clone in June

May 19, 2023
Best iPhones browsers
Top Lists

10 Best Browsers for iPhone in 2023

by Muhammad Abdullah
May 29, 2023
0

In the fast-paced digital world, having a reliable and efficient web browser on your iPhone is essential for a seamless...

Read more
Meta Quest 2 VR headsets

Meta’s Quest 3 VR headset rumored to incorporate color cameras for enhanced pass-through experience

May 29, 2023
Instagram logo in a phone placed on a table

Instagram is back online following a short outage!

May 21, 2023
A 3d render of Instagram logo

Global Instagram outage leaves users unable to access stories and app

May 21, 2023
Best metal body laptops on Amazon

Best Metal Gaming Laptops 2023

May 21, 2023

TechTout

TechTout covers the latest news on tech, car tech, business, smartphones, gadgets, and the latest product reviews including how-to guides on Windows, Mac, Android, iOS, Linux, and more.

Tech Tout

TechTout covers the latest news on tech, car tech, business, smartphones, gadgets, and the latest product reviews including how-to guides on Windows, Mac, Android, iOS, Linux, and more.

Top Categories

  • Home
  • News
    • AI News
    • Crypto News
  • A.I
  • Phones
  • Tech Guides
    • Apps
    • Mac
    • Social Media
    • Tips and Tricks

Pages

  • About us
  • Affiliate Disclosure
  • Contact Us
  • Disclaimer
  • Home
  • Newsletter
  • Privacy Policy
  • Terms and Conditions
  • Write for us

Recent Posts

  • 10 Best Browsers for iPhone in 2023
  • Meta’s Quest 3 VR headset rumored to incorporate color cameras for enhanced pass-through experience
  • Instagram is back online following a short outage!
  • Global Instagram outage leaves users unable to access stories and app
  • Best Metal Gaming Laptops 2023

© 2023 TechTout - A GameBird Media site - All Rights Reserved.

No Result
View All Result
  • Home
  • About us
  • Contact us
  • Write for us
  • Disclaimer
  • Privacy Policy
  • Affiliate Disclosure
  • Terms and Conditions

© 2023 TechTout - A GameBird Media site - All Rights Reserved.