5 min Read

How Hackers Exploiting Bugs in Elementor Pro WordPress Plugin

How Hackers Exploiting Bugs in Elementor Pro WordPress Plugin

The popular WordPress plugin Elementor Pro is used on more than 11 million websites. As per the reports, hackers aggressively exploit a bug in this WordPress plugin. However, this plugin supports numerous features like drag and drop, theme building, an assortment of templates, custom widget care, and a WooCommerce builder (online shops).

Researcher Jerome Bruandet exposed this security error in mid-March. The problem is disturbing version 3.11.6 of the plugin and all previous versions. This bug lets authentic users change the site’s settings and is used by hackers to perform a wide-ranging site overthrow.

This bug distresses a shattered access control on the plugin’s WooCommerce module. This problem lets any user modify WordPress database options without proper authentication.

How are Hackers Exploiting this Bug?

The security firm PatchStack has stated that a vulnerability is serving the attackers to exploit this Elememntor Pro plugin to redirect visitors to dangerous sites. That suffers from inadequately applied input authentication and cannot conduct skill checks. Moreover, the names of the backdoors were also uploaded in these outbreaks, which are

  • Wp-resortpark.zip
  • Wp-rate.php
  • III.zip

The model of the III.zip archive was spotted as comprising a PHP script. A remote attacker uses this to upload extra files to the negotiated server. The backdoor allows the hackers to improve full access to WordPress and snip data or install extra malicious codes.

So, if your site uses the Elementor Pro plugin of WordPress, you must upgrade to version 3.11.7 or later as soon as possible because the hackers are currently targeting vulnerable websites.

Latest Update


Most Viewed

Picture of hitech work

hitech work

I'm Professional Blogger, SEO, and Digital marketing expert. I started my blog in 2016 with the aim to share my knowledge and experiences for the people associated with my field as well as for the general public.

Related Post

latest news about technology

DM on YouTube

How to DM on YouTube 2024

September 29, 2023