An ongoing attack is currently being carried out exploiting vulnerable users of the plugins: Elementor Pro and Ultimate Addons for Elementor.

It is estimated that Elementor Pro is installed on over 1 million sites and that Ultimate Addons has an install base of roughly 110,000.

If you are using any of these plugins on your website, upgrade to the latest versions immediately. On May 7, 2020, the Elementor team has released Elementor Pro 2.9.4 that has been verified to patch the vulnerability.

The vulnerability in Elementor Pro is determined to be a zero day vulnerability which is exploitable if users have open registration. Meanwhile, the vulnerability in Ultimate Addons for Elementor, allows the Elementor Pro vulnerability to be exploited, even if the site does not have user registration enabled.

For more information please check the official public release.

If you have questions, don’t hesitate to contact our support team.

People that read this article also liked

WooCommerce 4.2 + Storefront 2.5.7 WordPress Websites Security Breach – Outbreak of Malicious File Attacks Outdated WPBakery Plugin Critical Security Risk to Millions of Sites WordPress 5.7 “Esperanza” + WooCommerce 5.1 Released