Date: 2023-04-02

A recently discovered security flaw in Elementor Pro, a widely used WordPress plugin, could put millions of websites in jeopardy.

Researchers have discovered that cyber attackers are taking advantage of the critical vulnerability, which is present in the plugin and could allow them to gain control over these websites.

The severity rating of the vulnerability has been measured as 8.8 out of 10, making it a significant threat to website owners.

Elementor Pro, used by over 12 million websites on the WordPress content management system, provides several advanced features that allow for the creation of high-quality websites.

Under specific circumstances, such as when a user already has an account on the website, a subscriber or customer can create new accounts with complete administrator privileges.

An authenticated attacker can then take advantage of this vulnerability to create an administrator account by enabling registration and setting the default role to “administrator”.

The attacker can also change the administrator email address or redirect all traffic to a malicious external website, among other things.

Jerome Bruandet, a security researcher with NinTechNet, discovered the vulnerability and reported it to Elementor Pro, which has since released a patch for the flaw in version 3.11.7.

However, researchers from a separate security firm, Patchstack, have confirmed that hackers are currently exploiting this vulnerability.

If you are an Elementor Pro user, it is crucial to verify that you are using version 3.11.7 or above, as earlier versions are at risk of exploitation. Additionally, it is recommended that you investigate your website for any signs of infection to ensure that you are not being targeted by cyber attackers.
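One way to run the version check and look for the changes described above (open registration, an "administrator" default role, a changed administrator email, a redirected site address), as an added example that is not code from the article, Elementor or the researchers. The option names are WordPress core settings; the function names, the sample values and the expected email and host passed in are constructed for illustration, and reading a redirect from `siteurl`/`home` is an assumption.

```python
# Added example: audit WordPress settings for the changes this article describes.
# Option names are WordPress core's; all sample values below are constructed.
import re

PATCHED = (3, 11, 7)  # fixed Elementor Pro release named in the article

def parse_version(text):
    """Turn '3.11.6' or '3.11.7-beta1' into a comparable tuple of ints."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def host(url):
    """Lower-cased host part of a URL, without scheme, port or path."""
    return re.sub(r"^[a-z]+://", "", url.strip().lower()).split("/")[0].split(":")[0]

def audit(options, plugin_version, expected_email, expected_host):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    if parse_version(plugin_version) < PATCHED:
        findings.append("plugin-unpatched")
    registration_open = str(options.get("users_can_register", "0")) == "1"
    admin_default = options.get("default_role", "subscriber") == "administrator"
    if admin_default:
        # With registration open, anyone who signs up becomes an administrator.
        findings.append("default-role-admin-open" if registration_open
                        else "default-role-admin")
    if options.get("admin_email", "").lower() != expected_email.lower():
        findings.append("admin-email-changed")
    # Assumption: a site-wide redirect would show up as a foreign host here.
    for key in ("siteurl", "home"):
        if host(options.get(key, "")) != expected_host.lower():
            findings.append(key + "-changed")
    return findings

# Constructed sample: option values as they might be exported from wp_options.
TAMPERED = {
    "users_can_register": "1",
    "default_role": "administrator",
    "admin_email": "someone@attacker.example",
    "siteurl": "https://redirect.example/x",
    "home": "https://shop.example",
}

if __name__ == "__main__":
    for finding in audit(TAMPERED, "3.11.6", "owner@shop.example", "shop.example"):
        print("FINDING:", finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 3.9.4 above 3.11.7.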