Hackers exploit critical flaw in WordPress Royal Elementor plugin

Two WordPress security teams are reportedly actively exploiting a critical severity issue that affects Royal Elementor Addons and Templates up to version 1.3.78.

The vulnerability was used by hackers as a zero-day as the exploitation was discovered prior to the vendor’s fix being published.

‘WP Royal’ offers a website-building kit called Royal Elementor Addons and Templates that makes it easy to create web elements without any coding experience. There are more than 200,000 active installs, according to WordPress.org.

The add-on is vulnerable to a bug that is listed as CVE-2023-5360 (CVSS v3.1: 9.8 “critical”), which enables unauthorized attackers to upload files arbitrarily to susceptible websites read more Hackers exploit critical flaw in WordPress Royal Elementor plugin.

Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *