Millions of websites could be compromised as a result of a critical vulnerability in the WordPress plugin Elementor, which is used for website creation, according to SiliconAngle.
Plugin Vulnerabilities discovered the flaw, which stems from the lack of a critical access check in an Elementor file and could be exploited for arbitrary file upload, remote code execution, and site takeover.
"Based on just what we saw in our very limited checking, we would recommend not using this plugin until it has had a thorough security review and all issues are addressed," said researchers.
Elementor users have been urged to update to version 3.6.3, which addresses the bug. Such threats should prompt organizations using WordPress to implement security in depth, according to K2 Cyber Security co-founder and CEO Pravin Madhani.
"Finally, the simplest thing any organization can do to help reduce vulnerabilities is to keep their code — WordPress, plugins, SQL server-MySQL/MariaDB, web server-NGINX/Apache — up to date and patched," Madhani added.