If your website is Taste of Future Sister-in-law (2023)powered by the WordPress page-builder Elementor, double-check if you're using this popular plugin. Because, if you are, hackers can easily stage a complete takeover of your website thanks to a newly discovered security flaw.
Security researchers at Patchstack have released a new reportabout a concerning cybersecurity issue related to the WordPress plugin Essential Addons for Elementor. The plugin provides users with an assortment of pre-built WordPress blocks and templates for use when creating or updating their website.
"This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site," writes Patchstack in its report.
Basically, malicious actors can take advantage of this to reset the password of any user, including the administrator's account. If that latter account's password is reset, a hacker could basically have access to the entire website – backend and all – and take control of the site from its rightful owner. If a targeted website stores user information, this bad actor would have access to and control of that as well.
"This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user," explains Patchstack.
The plugin vulnerability has since been patched and Essential Addons for Elementor users are being urged to update to version 5.7.2. All versions of the plugin prior, going back to version 5.4.0, are affected by the vulnerability. So, be sure to update the plugin!
More than 43 percentof all of the websites on the internet use WordPress. Elementor is a popular website builder for WordPress-powered sites. More than 12 millionWordPress-sites utilize Elementor. According to the WordPress Plugin Directory, more than 1 millionactive websites have the Essential Addons for Elementor installed.
Topics Cybersecurity
Pebble smartwatches are coming, but they won't get along with the iPhone
Beyoncé fans are still in shock after that Grammys result
Rio's Olympic venues are already on their way to ruin
What Google revealed at its big event: Pixel 4, Nest Mini, and more
#rateaspecies is basically Yelp reviews for zoo animals
'Jexi' is, unfortunately, a movie fit for the times: Review
Support for Facebook's cryptocurrency is already falling apart
Blue Ivy joins James Corden for Carpool Karaoke, rendering previous Carpool Karaokes irrelevant
NYT mini crossword answers for May 12, 2025
Disney's back catalog is coming to Disney+. Here are all the titles.
2025 Oscar winners: See the full list
Instagram's new security feature makes it easier to block apps from your account
Google unveils new high
Ouijazilla, the world's largest Ouija board, makes spooky debut
Amazon Big Spring Sale 2025: Best air purifier deals from Dyson, Shark, LG, and more
Google's unique new Chromebook laptop leaked in photos and video
India plans to rename all its airports and it makes a lot of sense
Michelle Obama announces upcoming trip advocating for girls' education
WhatsApp launches 'Advanced Chat Privacy' to protect sensitive conversations
Netflix won't stream on some old Roku devices starting in December
Happy Birthday, J. P. Donleavy by Sadie SteinA 60th Anniversary Tote! by The Paris ReviewBuy Tiffany’s, and Other News by Sadie SteinUncuffing season: People want to be single for summerChatGPT vs Bing vs Bard: You can pick the best in this chatbot arenaWe Are Made of Memories: A Conversation with Mia Couto by Scott EspositoStandBy on iOS 17: What it is and how to use it.Hell Is Other Cats by Sadie SteinUpdate your iPhones and Macs now to protect from these security exploitsBull City Summer by Adam Sobsey“Every Adoption is a Ghost Story”: An Interview with Jennifer Gilmore by Amy BenferUncuffing season: People want to be single for summerHow to log out of the Amazon appJennifer Lawrence finally gets to be funny onscreen with 'No Hard Feelings'Poets Without Clothes, and Other News by Sadie SteinAdieu White Street, Bonjour High Line by Lorin SteinThe Funnies, Part 4 by Tom Gauld'I'm a Virgo' review: Boots Riley's largerWe Are Made of Memories: A Conversation with Mia Couto by Scott Esposito“Every Adoption is a Ghost Story”: An Interview with Jennifer Gilmore by Amy Benfer Early Prime Day outdoor deals: Save on Coleman, YETI, and more Prime Day deals: 11 things you should buy, and 3 to avoid Early Prime Day deal: Get $200 off the M3 MacBook Air Exec from Chinese automaker GAC met Brazilian president, planning EV factory · TechNode OpenAI whistleblowers call on SEC to investigate the AI company NVIDIA may launch new export Tsinghua University launches AI 'House of the Dragon' fans love the dog in Season 2, episode 5 Foreign tourist spending on Alipay surges in China over May Day Holiday · TechNode Chinese toy maker Pop Mart sees explosive overseas growth, Q1 revenue up over 165% · TechNode Intel reportedly places orders for TSMC's 2nm process · TechNode Best early Prime Day robot vacuum deal: Roborock Q5 Pro+ deal for $300 off iQIYI launches content e Connecticut Sun vs. New York Liberty 2024 livestream: Watch WNBA for free Best early Prime Day laptop deals 2024: MacBooks and LG grams at record lows Chinese milk tea chain Chagee hits $6.2 billion valuation on Nasdaq debut · TechNode GoPro Hero11 bundle deal: Get $130 off for Prime Day Huawei announces launch of first HarmonyOS PC on May 19 · TechNode Get $200+ shopping credits ahead of Prime Day 2024 Tencent, Huawei, Baidu Fuel the Rise of China’s Cloud
3.3184s , 8204.8984375 kb
Copyright © 2025 Powered by 【Taste of Future Sister-in-law (2023)】,Feast Information Network