Hackers have taken advantage of a vulnerability in a popular WordPress plugin that has allowed them to gain full control over millions of websites. The plugin in question is called “Elementor”, and it is designed to limit login attempts to WordPress sites to prevent brute-force attacks. However, a flaw in the plugin’s code has allowed hackers to bypass its security measures and gain access to the site’s database.
According to cybersecurity firm Wordfence, the flaw in the Elementor plugin is being actively exploited by hackers who are using it to plant backdoors and upload malware to WordPress sites. This has given the attackers complete control over the affected websites, including the ability to install additional plugins, create new users, and modify the site’s content.
The issue has been addressed in the latest version of the Elementor plugin (version 1.6.4), and users are advised to update to it as soon as possible. However, many WordPress sites are still running older versions of the plugin, leaving them vulnerable to attack.
WordPress site owners are urged to take immediate action to protect their sites by updating the Loginizer plugin and checking their site’s logs for any suspicious activity. Additionally, it is recommended to implement strong passwords, enable two-factor authentication, and regularly back up the site’s data to minimize the impact of any potential attack.
At Parker Web, we pride ourselves on providing our clients with the most up-to-date website experience, and we acted on this threat immediately. Speak with us today about how we handle website vulnerabilities.