Vulnerability in Essential Addons for Elementor Leads to Mass Infection | allinfosecnews.com

May 18, 2023, 6:54 p.m. | Ben Martin

Sucuri Blog blog.sucuri.net

On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post. Over one million websites use this plugin and the fallout from this has been absolutely massive, with over 6,000 detections by SiteCheck already so far and 1637 detections in publicWWW scan results.

Naturally, if you are a website owner using …

black hat tactics blog blog post critical escalation essential addons for elementor hacked websites infection malware may patch plugin popular privilege privilege escalation technical vulnerability website malware infections websites website security wordpress wordpress plugin wordpress plugins and themes wordpress security

More from blog.sucuri.net / Sucuri Blog

From Privacy to Exfiltration: Telegram’s Role in Website Malware 2 days, 16 hours ago | blog.sucuri.net

abuse black hat tactics creators cybercriminals +21

WordPress Vulnerability & Patch Roundup May 2024 4 days, 13 hours ago | blog.sucuri.net

attacks automated awareness disclosures +32

How to Fix the NET::ERR_CERT_DATE_INVALID Error 1 week, 1 day ago | blog.sucuri.net

address can certificate connection +14

Server Side Credit Card Skimmer Lodged in Obscure Plugin 1 week, 3 days ago | blog.sucuri.net

attackers card credit credit card +22

What is HTTP 504 Gateway Timeout & How to Fix It 2 weeks, 4 days ago | blog.sucuri.net

best practices can error errors +14

What is HTTP Error 502 Bad Gateway & How to Troubleshoot It 3 weeks, 2 days ago | blog.sucuri.net

bad best practices can error +21

What is HTTP Error 429: Too Many Requests 3 weeks, 4 days ago | blog.sucuri.net

access can code error +15

Mal.Metrica Redirects Users to Scam Sites 4 weeks, 2 days ago | blog.sucuri.net

analysts black hat tactics click compromised +11

WordPress Vulnerability & Patch Roundup April 2024 1 month ago | blog.sucuri.net

april attacks automated awareness +33

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com