Elementor Pro Critical Vulnerability via @martinibuster - Website Pro USA


WordFence is reporting that Elementor Pro has a critical zero-day vulnerability. The vulnerability has not been patched and is being actively exploited.

Two Elementor Plugins Are Vulnerable

According to WordFence, two plugins are involved, and each has a vulnerability.


Elementor Pro is a Vulnerable Plugin

Elementor Pro is the paid version of the Elementor WordPress page builder plugin. This vulnerability does not affect the free version of the Elementor plugin.

The vulnerability is rated as “critical” according to WordFence.

A hacker would need to be registered with the website in order to take advantage of the vulnerability.

If you run an Elementor Pro powered WordPress website and you allow site visitors to register in order to comment or contribute to the site, then you may be vulnerable.

If, however, your Elementor Pro WordPress site does not have registered users, you may still be at risk.


The reason is that another plugin, Ultimate Addons for Elementor, allows a hacker to register as a subscriber even if registration is prohibited.

That means the Ultimate Addons for Elementor plugin gives a hacker the registered account needed to exploit Elementor Pro.

According to WordFence:

“Due to the vulnerability being unpatched at this time, we are excluding any further information.

We have data via another vendor that indicates the Elementor team are working on a patch. We have contacted Elementor and did not immediately receive confirmation of this before publication.”

Ultimate Addons for Elementor Vulnerability

The second vulnerable plugin is Ultimate Addons for Elementor. Its vulnerability allows a hacker to take advantage of the Elementor Pro vulnerability even if user registration is turned off.


At this moment there is no patch available to fix the Elementor Pro vulnerability.

But there is a patch to fix the Ultimate Addons for Elementor plugin (instructions here).

By upgrading the Ultimate Addons plugin (if you have it installed) you can in theory block a hacker from exploiting an Elementor Pro site, as long as user registrations are prohibited.

How to Protect Your Elementor Pro Website

WordFence recommends downgrading to the free version of Elementor (available here). This version of the Elementor page builder is not vulnerable.

Once Elementor Pro is patched you can update to the patched pro version of the plugin and be safe from hacking.
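
A triage check for the conditions described above, as an added example that is not part of the original article or the WordFence announcement. It assumes WP-CLI (`wp`) is run from the site root and that the plugins use the slugs `elementor-pro` and `ultimate-elementor`; both slugs and the status words are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: exposure triage for the plugin combination described above.
# Assumes WP-CLI ("wp") run from the site root. The slugs are assumptions
# (usual install directories); adjust them to match your site.
PRO_SLUG="elementor-pro"        # assumed slug: Elementor Pro
UAE_SLUG="ultimate-elementor"   # assumed slug: Ultimate Addons for Elementor

# Print one status word describing exposure, following the article's logic.
elementor_exposure() {
  local reg
  # The free Elementor plugin is not affected; only an active Pro matters.
  if ! wp plugin is-active "$PRO_SLUG" >/dev/null 2>&1; then
    echo "pro-not-active"; return 0
  fi
  # 1 means "Anyone can register" is enabled in Settings > General.
  reg="$(wp option get users_can_register 2>/dev/null)"
  if [ "$reg" = "1" ]; then
    echo "exposed-open-registration"; return 0
  fi
  # Registration is closed, but an unpatched Ultimate Addons can still
  # hand out subscriber accounts, so its version must be checked.
  if wp plugin is-active "$UAE_SLUG" >/dev/null 2>&1; then
    echo "verify-addons-patched"; return 0
  fi
  # Only accounts that already exist can reach the Pro vulnerability.
  echo "existing-accounts-only"
}

# Print the details an admin needs to act on the status above.
elementor_report() {
  echo "status: $(elementor_exposure)"
  echo "Ultimate Addons version (compare with the vendor's fixed release):"
  wp plugin get "$UAE_SLUG" --field=version 2>/dev/null || echo "  not installed"
  echo "Subscriber accounts (review any you do not recognise):"
  wp user list --role=subscriber --fields=ID,user_login,user_registered --format=csv
}

# Usage: source this file in the site root, then run: elementor_report
```

Any status other than `pro-not-active` means Elementor Pro is still reachable by some registered account, so the subscriber list in the report is worth reviewing until a patched Pro release is installed.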


Read the WordFence announcement:

Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
