3.5 million WordPress websites are at risk due to Multiple Security Vulnerabilities

More than 15 add-ons for the WordPress plugin and famous website builder Elementor have been found to have vulnerabilities by the Wordfence Threat Intelligence team.

These 15 Elementor add-ons are built on over 3.5 million WordPress sites, and Wordfence discovered over 100 vulnerable endpoints in total.

In terms of execution, these stored cross-site scripting (XSS) vulnerabilities are close to the severe vulnerability in Elementor that the company recently fixed. They allow anyone with access to the website builder, including contributors, to add JavaScript to posts when they are abused.

This JavaScript would then be executed when another user on the web viewed, edited or reviewed an article, and it could be used to take over the site if the victim is an administrator.

Many of the insecure add-ons have been patched, according to Wordfence. Wordfence approached the WordPress repository directly to get the vulnerable add-ons checked in these situations.

Sites using Elementor with several contributors who are running an unpatched version of one of these add-ons should be considered vulnerable. As a result, Wordfence advises site owners to update as soon as possible.

Disclosure: Our content is reader-supported, which means that if you click on some of our links that we may earn a commission.