image credit: Pixabay

New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation

May 12, 2023

A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could be potentially exploited to achieve elevated privileges on affected sites.

The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active installations.

“This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site,” Patchstack researcher Rafie Muhammad said.

Read More on The Hacker News