Saturday, February 15, 2025

WordPress Sites Vulnerable to Essential Addons for Elementor XSS Exploit

WordPress website owners are strongly warned of a critical security flaw found in the Essential Addons For Elementor plugin. More than 2 million websites have been affected globally so far. Security researchers have identified Stored Cross-Site Scripting (XSS) vulnerabilities in two of the plugin's widgets, and these pose a significant risk to website visitors.

The vulnerability lies in the Countdown Widget and the Woo Product Carousel Widget, both integral parts of the Essential Addons For Elementor plugin. The flaws allow attackers to upload malicious scripts to the websites, potentially compromising visitors' browsers. Attackers can even steal sensitive information such as session cookies and ultimately gain control over the website.

XSS vulnerabilities stem from inadequate input sanitization and output escaping. These processes protect websites from malicious input and keep unwanted data from reaching visitors' browsers. In this case, the plugin failed to filter input properly.

Exploiting the vulnerability requires authentication: attackers need to obtain website credentials first, and only then can they exploit the flaw.

The threat is alarming and immediate action needs to be taken. The vulnerability has been classified as a medium-level threat, with a score of 6.4 out of 10 on the severity scale. Users with Essential Addons For Elementor versions 5.9.11 or lower are strongly advised to upgrade to the latest version to overcome the risk and safeguard their websites.

It is strongly suggested not to leave the website vulnerable to exploitation. Website owners should take proactive steps to ensure security.
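To find installs that still fall in the affected range (5.9.11 or lower), the following added example, which is not code from the plugin or its vendor, reads the plugin's `Version:` header on disk and compares it against that ceiling. The plugin directory name and the fixture file `plugin.php` are assumptions, and the version comparison relies on GNU `sort -V`.

```shell
#!/usr/bin/env bash
# Added example: flag Essential Addons for Elementor installs at or below 5.9.11.
LAST_VULNERABLE="5.9.11"   # highest affected version named in the article
# Assumption: the plugin's directory name under wp-content/plugins.
PLUGIN_DIR_NAME="essential-addons-for-elementor-lite"

# Succeeds when version $1 <= LAST_VULNERABLE (GNU sort -V ordering).
is_vulnerable() {
  local v="$1"
  [ -n "$v" ] || return 2
  [ "$(printf '%s\n%s\n' "$v" "$LAST_VULNERABLE" | sort -V | tail -n 1)" = "$LAST_VULNERABLE" ]
}

# Prints the "Version:" value from the plugin header in the top-level PHP files of $1.
plugin_version() {
  local dir="$1"
  [ -d "$dir" ] || return 1
  grep -hiE '^[[:space:]*]*Version:' "$dir"/*.php 2>/dev/null \
    | head -n 1 | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# Prints one status line for the WordPress root in $1.
check_site() {
  local root="$1" ver
  ver="$(plugin_version "$root/wp-content/plugins/$PLUGIN_DIR_NAME")" || ver=""
  if [ -z "$ver" ]; then
    echo "$root: plugin not found"
  elif is_vulnerable "$ver"; then
    echo "$root: VULNERABLE ($ver), upgrade"
  else
    echo "$root: ok ($ver)"
  fi
}

# Constructed fixture: a fake WordPress root holding only a plugin header with version $2.
make_fixture() {
  mkdir -p "$1/wp-content/plugins/$PLUGIN_DIR_NAME"
  printf '<?php\n/**\n * Plugin Name: Essential Addons for Elementor\n * Version: %s\n */\n' "$2" \
    > "$1/wp-content/plugins/$PLUGIN_DIR_NAME/plugin.php"
}

# Demo on constructed sites: one affected, one newer, one without the plugin.
tmp="$(mktemp -d)"
make_fixture "$tmp/site-a" "5.9.11"
make_fixture "$tmp/site-b" "5.9.12"
for site in "$tmp/site-a" "$tmp/site-b" "$tmp/site-c"; do check_site "$site"; done
rm -rf "$tmp"
```

On a real host, call `check_site` with each WordPress document root instead of the constructed fixtures.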
