Security Expert Re: Critical RCE WordPress Flaw May Affect 500K+ Sites

By   ISBuzz Team
Writer , Information Security Buzz | Apr 14, 2022 07:19 am PST

A critical RCE flaw identified in the Elementor WordPress plugin could 500k or more sites. its critical severity is given by the fact that anyone logged into the vulnerable website can exploit it, including regular subscribers. A threat actor creating a normal user account on an affected website could change the name and theme of the affected site making it look entirely different. Plugin Vulnerabilities has also published a proof of concept (PoC) to prove the exploitability, increasing the risk of vulnerable websites to be compromised.