Last Updated on 22/11/2021 by Riya
A security flaw has been found in a famous plugin that puts over a million WordPress websites’ data at risk. Wordfence Threat Intelligence experts disclosed a hole in the Starter Templates – Elementor, Gutenberg & Beaver Builder Templates plugin assist contributor-level users to overwrite any page on the website and inject malicious JavaScript at will.
However, the flaw was fixed on October 7 and all users were suggested to upgrade to the new version 2.7.5 in order to avoid further exposure. Several users use the WordPress plugin to utilize pre-designed templates from other website builders including Elementor.
According to Wordfence, such flaw can be exploited in different ways such as taking users to a malicious website, hijacking an admin session to add new admins, or adding a backdoor to the site to take the charge of the entire site.
To avoid such circumstances Wordfence advised all affected users to share this news of the security flaw with the other sites so that they can protect themselves against any cybercrime.
This is not the first time WordPress users experience a vulnerability, on August 3, two serious security flaws were discovered in the Ninja Forms WordPress plugin, putting the data of over 1,000,000 users at danger of being hacked.