The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Elementor Fixes Critical Bug in Popular WordPress Plugin

April 14, 2022

The developer of a popular WordPress plugin has updated its product to fix a critical vulnerability that could be exploited to alter the appearance of sites.

Elementor is promoted as a leading website-building platform for WordPress, enabling over five million users to easily build websites for themselves or their business without writing any code.

However, last week researchers at security firm Plugin Vulnerabilities discovered suspicious activity related to the plugin.

“We couldn’t come across any modern disclosed vulnerabilities that must make clear that, so we commenced performing our normal checks we do in a predicament in which a hacker may possibly be exploiting an unfixed vulnerability in a plugin,” the firm spelled out.

“What we promptly identified was that the plugin isn’t managing basic security properly, as we located lots of functionalities where capabilities checks were missing where they shouldn’t be. Even though some of these were not accessible to customers that shouldn’t have access, we located at least one that is, and the performance obtainable leads to one of the most significant sorts of vulnerabilities, remote code execution (RCE).”

It turned out the bug was introduced in version 3.6. of the plugin, released on March 22, meaning around 1.5 million users were affected.

The vulnerability can be exploited by authenticated attackers with access to the WordPress admin dashboard, but it is possible that it could also be used by threat actors who are not logged in, Plugin Vulnerabilities warned.

It appears to allow attackers to completely change the appearance of a targeted site by altering elements, including the title, brand, images and theme.

Fortunately, Elementor has now released version 3.6.3 to fix the issue, which users are urged to download. Plugin Vulnerabilities has published a proof of concept, making patching more urgent.

K2 Cyber Security CEO Pravin Madhani said organizations running WordPress sites must layer up security.

“WordPress powers as much as a third of all websites on the Internet, including some of the most highly trafficked websites and a significant percentage of eCommerce websites, so why aren’t they better equipped to shield against attack?” he argued.

“For utmost safety, corporations using WordPress need to make sure they use security in depth, like application, network and process stage security. Eventually, the most basic thing any firm can do to help reduce vulnerabilities is to keep their code up to date and patched.”


Some areas of this article are sourced from:
www.infosecurity-journal.com
