Anyone who has bought the most popular plugin pack for Elementor runs the risk of being hacked. The message is: patch now.
Have you built a WordPress website with Elementor? Then there is a risk that your website will be hacked. A vulnerability in the (optional) Elementor plugin “Essential Addons for Elementor” could give hackers administrator rights. Since the add-on library is popular, with over 90 extensions, chances are your website runs it if you build with Elementor.
The vulnerability was discovered on May 8th and is tracked as CVE-2023-32243. Exploiting it could allow hackers to reset any user’s password, as long as they know the username. The flaw lies in the password reset feature, which does not validate the password reset key and immediately accepts a new password of the requester’s choice.
It goes without saying that the consequences can be devastating. Once a hacker is logged in as an administrator, they can do anything: steal private information, abuse or delete your website, or distribute malware to your visitors. Your brand also suffers a severe loss of credibility.
See the Patchstack report for how hackers can break into websites through Elementor when the Essential Addons for Elementor plugin is active. Luckily, a patch is already available for admins to install right away. Install “Essential Addons for Elementor” version 5.7.2 as fast as lightning to plug the leak so hackers don’t stand a chance.
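To make the flaw class described above concrete, here is an added example (not code from the plugin or from Patchstack) that models a password reset handler that never checks the reset key, beside a hardened one that requires the issued, unexpired, single-use key. The `Accounts` class, its method names and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 3600  # seconds a reset key stays valid (assumed policy)

class Accounts:
    """Toy user store; every name here is hypothetical."""
    def __init__(self):
        self.passwords = {}   # username -> password (plaintext only for the demo)
        self.reset_keys = {}  # username -> (sha256 of key, expiry timestamp)

    def request_reset(self, username, now=None):
        """Issue a one-time key; in practice it is mailed to the account owner."""
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)
        digest = hashlib.sha256(key.encode()).hexdigest()
        self.reset_keys[username] = (digest, now + RESET_TTL)
        return key

    def reset_vulnerable(self, username, key, new_password):
        """The flaw class: the key parameter is accepted but never checked."""
        if username not in self.passwords:
            return False
        self.passwords[username] = new_password
        return True

    def reset_hardened(self, username, key, new_password, now=None):
        """Require the issued, unexpired key and consume it on success."""
        now = time.time() if now is None else now
        record = self.reset_keys.get(username)
        if username not in self.passwords or record is None:
            return False
        digest, expiry = record
        supplied = hashlib.sha256(key.encode()).hexdigest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self.reset_keys[username]  # single use: a replayed key fails
        self.passwords[username] = new_password
        return True

def demo():
    store = Accounts()
    store.passwords["admin"] = "original"  # constructed sample account
    r = {"vuln_no_key": store.reset_vulnerable("admin", "", "changed-1")}
    r["hard_no_key"] = store.reset_hardened("admin", "", "changed-2")
    key = store.request_reset("admin", now=0)
    r["hard_expired"] = store.reset_hardened("admin", key, "changed-3", now=RESET_TTL + 1)
    r["hard_valid"] = store.reset_hardened("admin", key, "changed-4", now=10)
    r["hard_replay"] = store.reset_hardened("admin", key, "changed-5", now=20)
    return r, store.passwords["admin"]
```

Storing only a hash of the key and comparing it in constant time means that a leaked copy of the key table cannot be replayed as valid reset keys.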