However, the flaw was fixed on October 7 and all users were suggested to upgrade to the new version 2.7.5 in order to avoid further exposure. Several users use the WordPress plugin to utilize pre-designed templates from other website builders including Elementor.
According to Wordfence, such flaw can be exploited in different ways such as taking users to a malicious website, hijacking an admin session to add new admins, or adding a backdoor to the site to take the charge of the entire site.
To avoid such circumstances Wordfence advised all affected users to share this news of the security flaw with the other sites so that they can protect themselves against any cybercrime.
This is not the first time WordPress users experience a vulnerability, on August 3, two serious security flaws were discovered in the Ninja Forms WordPress plugin, putting the data of over 1,000,000 users at danger of being hacked.