It has come to the notice of many Wordfence security researchers, that plugins adding an element of the functionality on Elementor are vulnerable to hacker attacks. In response to this, many plugin publishers updated their plugins. Read more at www.searchenginejournal.com
Let us see how these vulnerabilities will eventually affect the performance of the platform.
Stored Cross-Site Scripting Vulnerability:
This vulnerability will create issues every time a malicious script is uploaded and get stored on the website. Every time any user visits the webpage, the malicious script will get activated. Further, this problem will give attackers having a contributor level permission to upload a script in place of an element.
However, a list of 17 elements of Add-on plugins is fixed that includes :
1. Essential Add-on for Elementor
2. Elementor – Header, Footer & Blocks Template
3. Ultimate Add-on for Elementor
4. Premium Add-on for Elementor
6. Elementor Add-on Elements
7. Livemesh Add-on for Elementor
8. HT Mega – Absolute Add-on for Elementor Page Builder
9. WooLentor – WooCommerce Elementor Addons + Builder
10. PowerPack Add on for Elementor
11. Image Hover Effects – Elementor Addon
12. Rife Elementor Extensions & Templates
13. The Plus Addon for Elementor Page Builder Lite
14. All-in-One Add-on for Elementor – WidgetKit
15. JetWidgets For Elementor
16. Sina Extension for Elementor
17. DethemeKit For Elementor
If you are a regular user of third-party plugins, for Elementor, then make sure that you update your plugins to fix any vulnerability. These vulnerabilities will allow hackers to target a site to plot various attacks and strategies for obtaining credentials.
To know whether your add-on plugin is updated, to fix the current error, make sure to contact the publisher of that plugin to ascertain if it is safe.