A recent report revealed a serious security vulnerability in the content management system WordPress that leaves the privacy of millions open to violation.
Jerome Bruandet, a researcher at the information security company NinTechNet, stated that the vulnerability, rated 8.8 in severity, is in an add-on called Elementor Pro, which gives its users professional, high-quality tools and features for building websites and is used on 12 million WordPress websites.
The report states that the vulnerability is serious because it allows any user or visitor of an affected site to create a new account with elevated privileges to manage the site, giving that person full authority over all content available on it.
The report adds that the vulnerability allows an attacker to create an account with site-administrator authority and so fully control the published or displayed content. The attacker can also remove the accounts of the current administrators, which puts the site in the attacker's hands and leaves the site's administrators unable to recover it easily.
Elementor, which developed the add-on where the security vulnerability appeared, moved to fix it and released a software update, version 3.11.7, to close it.
Patchstack, an information security company, explained that groups of attackers are already exploiting the vulnerability to launch attacks on websites that are built on WordPress and use plugins affected by the vulnerability.
Security researchers warned all users of the affected extensions and stressed the need to update them to the latest version released by the developers, to keep their websites safe, preserve the privacy of their data, and ensure that attackers cannot access site data.
According to Statista, the number of websites running WordPress reached 810 million in 2022.