Published on 01 Apr 2023
There are reports of active exploitation of a high-severity vulnerability in Elementor Pro to redirect visitors to malicious domains, or upload backdoors to the compromised site. Elementor Pro is a WordPress page builder plugin that also features a WooCommerce builder for online shops.
More information is available here:
https://patchstack.com/articles/critical-elementor-pro-vulnerability-exploited/
https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-3-11-6-authenticated-arbitrary-options-change-vulnerability
https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-elementor-pro-wordpress-plugin-with-11m-installs/