Connect with us

WordPress

Elementor Page Builder Plugin Vulnerability

Published

on

Roger Montti


Popular WordPress page builder, Elementor has a vulnerability called an Authenticated Reflected XSS. This kind of vulnerability allows a hacker to run a script from another site and do things such as steal login credentials.

The vulnerability involves causing a script to be loaded to the vulnerable site (for example through a search box), creating a URL that when followed will execute the script (that is hosted on another site). The hacker then sends a link to someone whose credentials could then be stolen by the hacker.

According to the WordPress Vulnerability Database, the proof of concept is being hidden until February 12th to give users time to update.

Related: Google Exploit: Canonical Negative SEO

The website security company site that discovered the vulnerability (Impenetrable.tech) have published a walk-through of how they discovered the security flaw.

Screenshot from security company that discovered the vulnerability

Once they discovered the vulnerability they contacted the publishers of the Elementor Page Builder plugin and the publishers updated it right away.

Only after Elementor was patched did the security site publish an account of the vulnerability.

This vulnerability affects versions 2.8.4 and older. It is advisable to log into your WordPress website and update your site if you use the Elementor Page Builder plugin. The most current version of Elementor Page Builder is 2.8.5.

Once you sign into your WordPress account there should be an update link from the admin navigation ribbon at the top of the page, or you can access your updates page from the link in the admin sidebar to view all available updates.

Related: SEO & Cybersecurity: How the SEO Industry Views the Relationship



Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

WordPress

Google temporarily disables local reviews

Published

on


Google temporarily disables local reviews – Search Engine Land









Continue Reading

WordPress

Nextdoor rolls out Groups and Help Map in response to coronavirus outbreak

Published

on

Nextdoor rolls out Groups and Help Map in response to coronavirus outbreak


Nextdoor rolls out Groups and Help Map in response to coronavirus outbreak – Search Engine Land









Continue Reading

WordPress

Optimizing paid search and Amazon campaigns for seasonality

Published

on

Optimizing paid search and Amazon campaigns for seasonality


Optimizing paid search and Amazon campaigns for seasonality – Search Engine Land








Continue Reading

Trending

Copyright © 2019 Plolu.