A critical vulnerability has been found in the Essential Addons for Elementor plugin for WordPress. The vulnerability, which is tracked as CVE-2023-32243, allows unauthenticated attackers to reset the passwords of administrator accounts and take control of websites.
The vulnerability was discovered by Patchstack on May 8, 2023, and fixed by the vendor on May 11, 2023, with the release of version 5.7.2 of the plugin. However, many websites are still running older, vulnerable versions of the plugin.
Wordfence, a WordPress security company, has observed millions of probing attempts for the presence of the vulnerable plugin on websites. The company has also blocked at least 6,900 exploitation attempts.
Website owners who use the Essential Addons for Elementor plugin are advised to update to the latest version as soon as possible. Users of Wordfence’s free security package will receive protection against this vulnerability on June 20, 2023.