Ars Technica

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The ...
Bleeping Computer

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
Searchenginejournal.com

Elementor WordPress Plugin Hit By 6 Vulnerabilities

Security researchers issued an advisory on six unique XSS vulnerabilities discovered in the Elementor Website Builder and its Pro version that may allow attackers to inject malicious scripts.
Searchenginejournal.com

WordPress Elementor Plugin Remote Code Execution Vulnerability

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...
TechRepublic

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in. A vulnerability in a widely used WordPress ...
Bleeping Computer

Hackers target vulnerable Wordpress Elementor plugin after PoC released

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account ...