Saturday, July 20, 2024

WordPress Sites Vulnerable to Essential Addons for Elementor XSS Exploit

WordPress website owners need to be careful. They are strongly warned of a critical security flaw that has been found in the Essential Addons For Elementor plugin. More than 2 million websites have been so far affected globally. Security researchers reveal they have identified Stored Cross-Site Scripting (XSS) vulnerabilities within two widgets of the plugin and these pose a significant risk to website visitors.

It is learned that the vulnerability lies within the Countdown Widget and Woo Product Carousel Widget. Both are integral parts of the Essential Addons For Elementor plugin. The flaws basically allow attackers to upload malicious scripts on the websites and this potentially compromises visitor browsers. The attackers can even steal sensitive information such as session cookies. They ultimately get control over the website.

XSS vulnerabilities stem from inadequate sanitization and output escaping processes. These safeguard the websites from malicious inputs and hence the unwanted data does not reach the browsers. In the latest finding, failure has been seen in proper filtering.

The vulnerability requires attackers to be authenticated. This means that they need to obtain website credentials first. The attackers can exploit this flaw.

The threat is alarming and immediate action need to be taken. The vulnerability has been classified as a medium-level threat with score of 6.4 out of 10 on the severity scale. Users with Essential Addons For Elementor versions 5.9.11 or lower are strongly advised to upgrade to the latest version to overcome the risk and safeguard their websites.

It is strongly suggested not to leave the website vulnerable to exploitation. Website owners should take proactive steps to ensure security.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Saas listing

Share your experience and write review on the Apps you have used and win gifts weekly

VBOUT

0 out of 5
Email Marketing

Pabbly Connect – API Based Automation

0 out of 5

FastComet – Web Hosting

0 out of 5

GoZen Growth – Email Marketing Software

0 out of 5

Related Articles

Digital PR World Unveils Game-Changing Guaranteed SEO Ranking Services

The digital marketing sector is moving at a fast pace and achieving a high ranking on Google’s Search Engine Results...
Read more
Optimizing images is crucial in 2024 for maintaining site speed as well as search engine performance. Images are integral to...
Social media marketing has witnessed shift in recent past years. It has not been short-form video. It has not been...