ROBERT JACOBI

Industry Analyst & Strategist

Wordfence Reports Critical 0-day in The Plus Addons for Elementor

Chloe Chamberland, over at Wordfence, Critical 0-day in The Plus Addons for Elementor Allows Site Takeover:

Today, March 8, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day in The Plus Addons for Elementor, a premium plugin that we estimate has over 30,000 installations. This vulnerability was reported this morning to WPScan by Seravo, a hosting company. The flaw makes it possible for attackers to create new administrative user accounts on vulnerable sites, if user registration is enabled, along with logging in as other administrative users.

As of publication, this remains unpatched.

BigScoots: Personal. Expert. Always There. That’s Real Managed Hosting.

© 2024 Warbi, Inc. and Robert Jacobi
All rights reserved.