Do you use Elementor Pro? And what about Ultimate Addons for Elementor?
If you do, you need to hurry up and update to the latest versions of the two plugins!
Several WordPress analysts have found in recent days that users of anything but the latest version of Elementor Pro risk abuse and vandalism by hackers.
One million WordPress installations risk attacks
The two plugins are used on more than one million websites powered by WordPress.
Only Pro users need to update their plugin to the latest version 2.9.4.
Users of the free version are not at risk.
The Pro version is installed and used on approximately 1 million WordPress websites.
The people behind Elementor have released an update to Elementor Pro, so the vulnerability to attacks via Elementor Pro is effectively closed.
Open registration of new users – two types of attacks
If you use Elementor Pro and you do not update, you risk a so-called Zero Day Vulnerability.
In this case, the vulnerability is that if you allow open registration of users on one’s website, then hackers can open both website, server and individual computer for attacks of various kinds.
The risk of another type of attack becomes even greater if you use the add-on called Ultimate Addons for Elementor.
Even if you do not allow open registration of new users on your website, using Ultimate Addons for Elementor opens up a new risk of letting hackers register new subscriber level users and through this new user expose a website to attacks.
In cases where a site does not have user registration enabled, hackers can exploit the vulnerability contained in the plugin to register a new subscriber level user.
Then they will be able to exploit Elementor Pro’s Zero Day vulnerability and execute external malicious code.
Do you use Elementor Pro? We do!
9bureau use Elementor Pro and we recommend it for many different purposes to our customers.
But we always make sure keeping our clients’ WordPress websites up to date and secure.
It’s the most widely used and successful Page Builder on the market right now.
Since its inception in 2016, it has gone world-wide and is now available in 50 different languages.
The plugin is installed on approx. 4 million WordPress websites.