all InfoSec news
High Severity Vulnerability in WordPress Elementor Pro Patched
Sucuri Blog blog.sucuri.net
On March 22nd, 2023 a security patch was issued for the popular website builder plugin Elementor Pro. Website administrators using this plugin should immediately patch to at least version 3.11.7 to avoid a potential website compromise.
The security issue is reported to affect only the Pro version of the plugin and not the free version hosted at wordpress.org.
Vulnerability details
The vulnerability allows authenticated users to arbitrarily change wp_options values within the database via the AJAX action of Elementor Pro …
action administrators builder change compromise database elementor pro free high issue march org patch plugin popular pro security security patch severity version vulnerability vulnerability disclosure website website compromise website security woocommerce wordpress wordpress plugins and themes wordpress security working