To the point:
- The security flaw in the Plus Addons for Elementor plugin was used in active zero-day attacks.
- The plugin has more than 25,000+ active installations.
- The bug was found on Monday and was completely patched the next day.
The Plus Addons for Elementor plugin for WordPress has a crucial security flaw that attackers can use to gain control of a website easily. Researchers say the flaw, which was first identified as a zero-day vulnerability, is now being aggressively targeted in the wild.
The plugin has more than 25,000+ active installations. Seravo, a web hosting company, first reported the vulnerability to WPScan as a zero-day vulnerability that was being actively exploited by cyberattackers.
The bug was completely patched the next day.
ALL the site owners who are using it, should update to the newest version of the plugin.