
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full disclosure that day.

We released a firewall rule protecting against these vulnerabilities to Wordfence Premium, Care, and Response customers on December 23, 2022. Sites still running the free version of Wordfence will receive the same protection 30 days later, on January 22, 2023.

While none of the vulnerabilities were critical, several of them could have been used by any authenticated user to modify content, disable plugins, or even temporarily take down the site in some circumstances.

Additionally, one of the patched vulnerabilities was a Reflected Cross-Site Scripting vulnerability that could have been used to take over the site if an attacker was able to trick an administrator into performing an action, such as clicking a link.

Source: Eleven Vulnerabilities Patched in Royal Elementor Addons

