Last updated December 6th, 2023 00:25
Are you using the popular Elementor site builder for your WordPress website along with the Essential Addons for Elementor plugin? If you answered yes to both questions, you should be alert. Security vulnerability in the Essential Addons for Elementor plugin was found in versions 5.4 to 5.7.1. If you are using the plugin, it is crucial to check its version and update it as soon as possible.
Critical Security Vulnerability in the Essential Addons for Elementor Plugin
The Essential Addons for Elementor plugin provides many additional elements for the well-known site builder, and it is currently used on over 1 million websites. Due to the vulnerability in the plugin, an attacker can elevate the privileges of any user stored in the WordPress database of the affected website. Additionally, a potential attacker can reset the password of any user if they know their login.
The ability to reset passwords occurs because the vulnerability bypasses the password reset keys, resulting in an immediate password change instead. If you actively use the plugin, it is essential to update it immediately to version 5.7.2. This version addresses the vulnerability, and the developers have applied a patch to fix it.
How to Update the Plugin
To update plugins, navigate to the left menu in your WordPress admin panel. Click on “Plugins” to access the list of all active and inactive plugins. For each plugin that has an available update, you will see a link to update it. The update process will only take a few seconds and will occur automatically. Updating the mentioned plugin is currently the only completely secure way to protect your website.
Please ensure that you keep all your plugins and themes up to date to maintain the security and integrity of your WordPress site.
What should I check after the update to be sure?
After completing the update of the mentioned plugin, go to the “Users” section in the left menu of the administration panel. Here, check all the users of your content management system and review their permissions. For each account with administrative access, it is also advisable to change the password. Choose a strong and lengthy password with a combination of lowercase and uppercase letters, numbers, and symbols.
The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.
Subscribe to the Newsletter
Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.
