Flaw in Elementor & Beaver Addons Let Anyone Hack WordPress Sites
by umerkhan - December 14, 2019 at 10:23 AM
#1
If you’re using the Ultimate Addons plugin, we urge you to update to the latest version immediately! The vulnerable version is 1.0. You need to update to the latest version released on 11th December 2019.

To exploit the vulnerability, the hacker needs to use the email ID of an admin user of the site. In most cases, this information can be retrieved fairly easily. A few hosting providers also make it easy to find the admin email ID of a website. If a hacker knows the email ID of any user of a WordPress website, they can craft a special request and gain admin control.
#2
thanks for the info, frankly I'm no longer surprised by wordpress vulnerabilities there are too many of them..

Possibly Related Threads…
Thread Author Replies Views Last Post
Wordpress 0day is being Exploited(Remote Code Execution) umerkhan 1 73 Yesterday at 05:42 PM
Last Post: BlackGuruX
Pre-auth bug in WordPress plugin umerkhan 4 117 February 18, 2020 at 09:43 PM
Last Post: mwilson111073
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS umerkhan 11 551 October 25, 2019 at 11:44 AM
Last Post: mag1ca

 Users browsing this thread: 1 Guest(s)