Elementor, a popular WordPress plugin, has received a critical update that patches a vulnerability that could be leveraged by attackers to change the appearance of websites. Elementor functions as a website building plugin, enabling users too easily create websites for themselves or their business without having to write code. Elementor boasts five million users and is marketed as a leading website building platform for WordPress. Last week, researchers at Plugin Vulnerabilities discovered suspicious activity surrounding the plugin. After determining that there were not any recently disclosed vulnerabilities that would explain the activity, the researchers conducted standard checks.
Plugin Vulnerabilities stated that it discovered the plugin was not handling basic security in a proper manner, including functionalities where capability checks were missing. There was at least one flaw that could lead to a serious threat, remote code execution. The flaw lies in the 3.6.0 version of the plugin that was released on March 22. Security researchers determined that 1.5 million users were impacted. Users have been advised to update the plugin as soon as possible to mitigate further risks.
Read More: Elementor Fixes Critical Bug in Popular WordPress Plugin