Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Vulnerability in two popular Wordpress extensions affects millions of sites

Recommended Posts

Elementor and WP Super Cache are two popular Wordpress extensions that both carry serious vulnerabilities according to security researchers from Wordfence. The vulnerability in the Elementor add-on allows a perpetrator to load Javascript on pages, while the vulnerability in WP Super Cache makes it possible to run malicious code on pages. Elementor is used by more than seven million web pages and WP Super Cache is used by two million sites. Users are encouraged to update these two extensions as soon as possible or risk leaving their Wordpress sites vulnerable for takeover.

Wordfence writes that "since posts created by contributors are typically reviewed by editors or administrators before publishing, any JavaScript added to one of these posts would be executed in the reviewer’s browser. If an administrator reviewed a post containing malicious JavaScript, their authenticated session with high-level privileges could be used to create a new malicious administrator, or to add a backdoor to the site. An attack on this vulnerability could lead to site takeover."

Are you using any of these extensions? 

Link to post
Share on other sites
  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...