Security Vulnerabilities in the Elementor Add-on Plugin and How to Protect Your WordPress Site

06490

Elementor researchers have issued security advisories for 11 separate Elementor add-ons containing 15 vulnerabilities. These vulnerabilities could enable hackers to upload malicious files, and one is rated as a high-threat vulnerability because it could allow hackers to bypass access controls, execute scripts, and access sensitive data.

Image [1] - Security Vulnerabilities in the Elementor Add-on Plugin and How to Protect Your WordPress Site - Photon Fluctuation.com | Professional WordPress Repair Service, Global Reach, Fast Response

Two different types of vulnerabilities

1. Storing cross-site scripting (XSS)

XSS vulnerabilities are one of the most common forms of vulnerabilities in WordPress plugins and themes. They are usually caused by flaws in the way input data is protected (input cleanup) and the way output data is locked (output escaping).

2. Local File Containment Vulnerability

A local file inclusion vulnerability is a vulnerability that exploits an insecure user input area, allowing an attacker to "include" files in the input. Simply put, this vulnerability allows an attacker to "include" a variety of code that can bypass any restrictions on what can be performed and/or access allowed on a website.

Image [2] - Security Vulnerabilities in the Elementor Add-on Plugin and How to Protect Your WordPress Site - Photon Fluctuation.com | Professional WordPress Repair Service, Global Reach, Fast Response

List of Vulnerable Elementor Add-ons

In total, 11 Elementor add-ons have reported vulnerabilities, some of which have multiple vulnerabilities. Below is the list of add-ons and their vulnerabilities in descending order from newest to oldest:

  1. ElementsKit Elementor addons (x2)
  2. Unlimited Elements For Elementor
  3. 140+ Widgets | Best Addons For Elementor
  4. Better Elementor Addons
  5. Elementor Addon Elements (x2)
  6. Master Addons for Elementor
  7. The Plus Addons for Elementor (x2)
  8. Essential Addons for Elementor (x2)
  9. Element Pack Elementor Addons
  10. Prime Slider - Addons For Elementor
  11. Move Addons for Elementor
Image [3] - Security Vulnerabilities in the Elementor Add-on Plugin and How to Protect Your WordPress Site - Photon Fluctuation.com | Professional WordPress Repair Service, Worldwide, Fast Response

High Severity Vulnerabilities

The high severity vulnerability found in the ElementsKit Elementor Addons plugin for WordPress is particularly concerning as it could put over a million websites at risk. The vulnerability has a rating of 8.8 (on a scale of 1-10). The plugin's popularity is due to its all-in-one feature that allows users to easily modify almost any page design feature in the header, footer, and menu.

Affected WordPress sites

These vulnerabilities could affect over 3 million websites. The total number of active installations of just two of these plugins is 3 million. Below is a list of vulnerable plugins by number of installations:

  1. Essential Addons for Elementor - 2 Million
  2. ElementsKit Elementor addons - 1 Million
  3. Unlimited Elements For Elementor - 200k
  4. Elementor Addon Elements - 100k
  5. The Plus Addons for Elementor - 100k
  6. Element Pack Elementor Addons - 100k
  7. Prime Slider - Addons For Elementor - 100k
  8. Master Addons for Elementor - 40k
  9. 140+ Widgets | Best Addons For Elementor - 10k
  10. Move Addons for Elementor - 3k
  11. Better Elementor Addons - Unknown - Closed By WordPress
Image [4] - Security Vulnerabilities in the Elementor Add-on Plugin and How to Protect Your WordPress Site - Photon Fluctuation.com | Professional WordPress Repair Service, Global Reach, Fast Response

Recommended Operation

While many medium severity vulnerabilities require hackers to obtain contributor level authentication to launch an attack, the risk posed by other plugins or installed themes should not be underestimated. These plugins or themes may grant attackers the ability to launch these specific attacks. Here are some suggested steps to take:

  1. Update plugins and themes::
    • Make sure all Elementor add-ons and themes are updated to the latest version.
    • Test updated themes and plugins before pushing updates to the live site.
  2. Clearing Cache and Cookies::
    • Clear your browser cache and cookies regularly to avoid potential security breaches.
  3. Using Safe Mode::
    • Enable Elementor's "Safe Mode" to separate the core of Elementor from themes and plugins that may cause problems.
  4. Checking the server connection::
    • Ensure that your Internet connection is stable and contact your hosting provider if necessary.
  5. Enabling CDN::
    • Use content delivery networks (CDNs) to distribute web content to servers around the world, reducing the burden on the main server.
  6. Seek professional support::
    • If you are unable to resolve the issue, you can contact the Elementor support team for assistance.

By taking these measures, you can effectively minimize the security risks caused by the vulnerabilities of Elementor add-ons and safeguard the security and stability of your website.


Contact Us
Can't read the article? Contact us for free answers! Free help for personal, small business sites!
Tel: 020-2206-9892
QQ咨询:1025174874
(iii) E-mail: info@361sale.com
Working hours: Monday to Friday, 9:30-18:30, holidays off
© Reprint statement
This article was written by Harry

Link to this article:https://www.361sale.com/en/11338
The article is copyrighted and must be reproduced with attribution.

THE END
ElementorWordPress TutorialElementor
# WordPress Security# Elementor Plugin Vulnerability
If you like it, support it.
kudos0 share (joys, benefits, privileges etc) with others
Harry's Avatar - Photon Fluctuation Network | Professional WordPress Repair Service, Worldwide, Fast Response
Recommended
commentaries sofa-buying

Please log in to post a comment

    No comments

User cover
Harry's Avatar - Photon Fluctuation Network | Professional WordPress Repair Service, Worldwide, Fast Response
文章目录
鲜嫩爽口大肥蛆的头像-光子波动网 | 专业WordPress修复服务,全球范围,快速响应

鲜嫩爽口大肥蛆4月21日 15:140

通过 FTP 禁用插件: 重命名 wordfence 插件文件夹,解除封锁。 后台解封 IP: 若能进入后台,去 Wordfence → Tools → Live Traffic 解封被拦 IP。 调整防火墙设置: 设置为“学习模式”,并将自己 IP 加入白名单。 必要时更换插件: 替换为 iThemes Security 或 All In One WP Security。
Thief will be the rat's guts avatar - Photon Fluctuation | Professional WordPress repair service, worldwide, rapid responseDiamond Member

lit. a thief will have the guts of a ratBadge - Little known - Photon Fluctuation Network | Professional WordPress Repair Service, Worldwide, Fast ResponseApril 18, 16:430

That's a good name.
Kind rural people's avatar - Photon Fluctuation | Professional WordPress repair service, worldwide, rapid response

Kind Rural PeopleApril 18, 11:390

When a plugin conflicts with a theme resulting in a slow loading page, you can troubleshoot the conflict one by one by disabling the plugin, updating the plugin and theme versions, adjusting the plugin settings to reduce resource consumption, troubleshooting the problem by using compatibility checking tools such as "Health Check & Troubleshooting", and enabling caching plugins and optimization tools to improve the performance of your website and ensure plugin and theme compatibility and fast loading of the site.
Riding a great aunt's avatar - Photon Fluctuations | Professional WordPress repair services, worldwide, rapid response

take advantage of sb's great aunt and uncleApril 17, 19:320

When WordPress displays "Sorry, you don't have permission to access this page", it's usually because the account permissions have been changed incorrectly. There are two ways to fix it: if you can access the database, you can change the user permissions field in phpMyAdmin to restore your administrator status; if you can't log in to the backend or manipulate the database, you can also add code to the functions.php of the theme temporarily via FTP to create a new administrator account to log in to the backend and fix the permissions. Both methods are effective in restoring access rights, and it is recommended to backup website data before operation.
Lexer's Avatar - Photon Flux Network | Professional WordPress repair service, worldwide, fast response

RexhausenApril 16, 17:391

If the Elementor editor keeps getting stuck in the loading screen or appears blank, don't worry, this is actually quite common and is usually caused by caching, plugin conflicts, theme issues or lack of memory. You can try to check it step by step: First, open Elementor's "Safe Mode" to see if there is any plugin or theme conflict. Temporarily disable the caching plugin, and clear your browser and website cache at the same time. Try switching your theme to the WordPress default theme, such as Twenty Twenty-Four, and test to see if the editor opens properly. Check if the PHP memory in Elementor > System Info is at least 256M, if not, ask your server administrator to increase it. Use your browser's developer tools (press F12) to see if there are any red errors, which will help you locate the problem faster. Make sure Elementor and your installed plugins are up to date, sometimes version mismatches can cause problems. Finally, clicking "Regenerate CSS" in Elementor > Tools can sometimes fix loading issues. If you've tried all of these things and it doesn't work, you'll need to look at your server's error logs, or send it to Elementor's technical support to take a look at it. Most of the time this problem is solved, so don't worry about it too much.
Small soldier's avatar - Photon Fluctuation Network | Professional WordPress repair service, worldwide, rapid response

skirmishersApril 15, 16:170

The common reasons for WordPress editor to lose content after saving include plugin or theme conflicts, cache issues, database write failures, REST API blocked or browser interference. It is recommended to check plug-ins, clear cache, switch the default theme, check the site health and debugging logs in order to locate the problem step by step.
Thief will be the rat's guts avatar - Photon Fluctuation | Professional WordPress repair service, worldwide, rapid responseDiamond Member

lit. a thief will have the guts of a ratBadge - Little known - Photon Fluctuation Network | Professional WordPress Repair Service, Worldwide, Fast ResponseApril 14, 17:590

If custom fonts are not working in WordPress, it may be due to incorrect font file paths, incorrectly applied CSS selectors, incompatible font formatting, or CSS prioritization issues. Ensure that the font files are loaded correctly and in a compatible format, and check that the CSS rules are applied correctly to the target element. If theme settings override custom fonts, adjust the relevant settings as well. Also, clear the cache and use the browser developer tools to check if any other CSS rules override the font settings.
Zhejiang spotted hyena avatar - Photon Fluctuation | Professional WordPress repair service, worldwide, rapid response

Zhejiang spotted hyenaApril 14, 17:111

Database Operation: Use SQL query to delete all metadata related to All in One SEO from wp_postmeta table. Plugin Reset Function: Find the option to reset or clear data in the All in One SEO plugin settings. WordPress CLI: Use the command line tool to bulk delete metadata related to the plugin. Manual Removal: Remove SEO information one by one through the WordPress backend edit page.