For those using Elementor:
On May 6th (13 days ago), the Wordfence Threat Intelligence team alerted the WordPress community to vulnerabilities in Elementor Pro and Ultimate Addons for Elementor. At the time we did not release details of the vulnerabilities because the vendors had not had time to fix them. We made the urgent announcement because we were seeing an active attack campaign and sites being compromised.
Today we can release full details of the attack campaign and associated vulnerabilities. Today’s report includes details on how attackers were using a combination of two vulnerabilities to compromise sites. Now that the vendors have released fixes and the community has had time to update, we are releasing a video walkthrough of a site being exploited, and a full disclosure of all technical details of these vulnerabilities and the associated attack campaign.
You can find the full story on the official Wordfence blog...
On May 6th (13 days ago), the Wordfence Threat Intelligence team alerted the WordPress community to vulnerabilities in Elementor Pro and Ultimate Addons for Elementor. At the time we did not release details of the vulnerabilities because the vendors had not had time to fix them. We made the urgent announcement because we were seeing an active attack campaign and sites being compromised.
Today we can release full details of the attack campaign and associated vulnerabilities. Today’s report includes details on how attackers were using a combination of two vulnerabilities to compromise sites. Now that the vendors have released fixes and the community has had time to update, we are releasing a video walkthrough of a site being exploited, and a full disclosure of all technical details of these vulnerabilities and the associated attack campaign.
You can find the full story on the official Wordfence blog...
