X

WordPress Elementor Pro plugin exploit: How to keep your website safe

A recently patched security vulnerability in the popular WordPress plugin – Elementor Pro, has become a gateway to exploitation attacks.

The Elementor Pro is a premium plugin that is used across more than 12 million sites, оften along with the WooCommerce plugin. 

Hackers exploited a critical vulnerability in the plugin to give anyone with an account full administrative control over the site.

Depending on the extent of the exploit, they may redirect the compromised site to another malicious domain or upload a malicious plugin or backdoor.

Does that affect you?

If you have an older version of Elementor Pro (3.11.6 or earlier) and WooCommerce set up on your website, you are potentially vulnerable to this security flaw.

The problem has been fixed in version 3.11.7, which came out on March 22.

NOTE: So, to mitigate potential threats, Elementor Pro users are recommended to update to 3.11.7 or 3.12.0 – the latest version, as soon as possible.

What are the signs of an attack?

According to Patchstack, a cyber security and monitoring platform, the following signs of infection can be used to detect exploitation attacks:

Most of the attacks are coming from a variety of IP addresses, including:

  • 193.169.194.63
  • 193.169.195.64
  • 194.135.30.6

The following file names are often seen on compromised sites:

  • wp-resortpack.zip
  • wp-rate.php
  • lll.zip

URLs of compromised sites are often being changed to:

  • away[dot]trackersline[dot]com

What should you do if your website has been hacked?

As soon as you find out that your website has been affected by the attack, you should first restore a clean backup of your website.

If you need help with that, you can contact our tech support team for assistance.

Once your clean backup has been restored, you will be ready to update to the latest version of Elementor Pro.

NOTE: This incident serves as a helpful reminder to always keep your plugins updated to lower the risk of security issues on your websites.

admin: