A vulnerability in the paid Elementor Pro plugin for CMS WordPress, the world's most popular website creation platform, has begun to be actively exploited by hackers. The vulnerability is rated 8.8 out of 10, indicating that it is critical.
Gerd Altmann/ pixabay.com is the image source for this image.
The vulnerability exists on websites with both Elementor Pro and WooCommerce installed: any registered user may create new accounts with administrator privileges last week.
The issue lies in the Elementor Pro and WooCommerce interaction module, which has been developed to modify some of the online store's parameters, but this does not allow for an attacker to encrypt all traffic from an infected site with inadequate administrator privileges. For example, attacks on older versions of the plugin may be carried out from IP addresses 220.127.116.11, 18.104.22.168, and 22.214.171.124.
If you notice an error, click on it with the mouse and press CTRL + ENTER.