A critical vulnerability discovered in the popular WordPress plugin, Elementor Pro, is putting millions of websites at risk of being taken over by hackers. With a severity rating of 8.8 out of 10, this vulnerability can potentially allow unauthorized individuals to gain complete control of a website.

Elementor Pro is a widely used plugin by over 12 million websites that operate on the WordPress content management system. It provides an array of features for creating visually appealing websites, including WooCommerce, a separate WordPress plugin.

The vulnerability can be exploited when certain conditions are met, such as a user account on the website, which enables a subscriber or customer to create new accounts with full administrative privileges.

Jerome Bruandet, a security researcher with NinTechNet, discovered the flaw. Elementor has released a patch with version 3.11.7 to fix the vulnerability. Bruandet wrote:

An authenticated attacker can leverage the vulnerability to create an administrator account by enabling registration and setting the default role to “administrator”, change the administrator email address, or redirect all traffic to an external malicious website by changing among many other possibilities.

According to PatchStack, a separate security firm, the vulnerability is already being exploited by hackers.

If you are using Elementor Pro, it is essential to ensure that you have updated to version 3.11.7 or later, as any earlier version is susceptible to the vulnerability. Additionally, users should examine their websites for indications of infection.


Here are some measures to secure your website from the Elementor Pro vulnerability:

  1. Update to the latest version: Ensure that you have updated to version 3.11.7 or later of Elementor Pro.
  2. Conduct a security scan: Perform a thorough security scan on your website to detect any potential signs of compromise.
  3. Disable registration: If registration is not a crucial feature of your website, disable it to prevent attackers from exploiting the vulnerability.
  4. Use strong passwords: Encourage users to create strong and unique passwords for their accounts.
  5. Monitor website activity: Monitor your website activity regularly for any suspicious activity or unauthorized access.
  6. Consider using a security plugin: Consider using a reputable security plugin to enhance the security of your website.


The Elementor Pro vulnerability is a severe threat to millions of WordPress websites, and it is essential to take immediate action to prevent exploitation. By following the above measures, you can ensure that your website remains secure and safeguarded from malicious attacks. Remember to keep your website up-to-date, use strong passwords, and monitor your website activity regularly to prevent any unauthorized access.

YouTube player

Leave a Comment