Critical Bug in WordPress Plugins - Open Sites to Hacker Takeovers

Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm Force, it is only aware of one customer who had its website compromised because of this bug. However, another source is also reported a successful attack since the bug was discovered on Wednesday.

The plugins in question are Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor. Both WordPress plugins are designed to help website publishers easily add advanced designs and user functions to websites built using the specific frameworks Beaver Builder and Elementor.

“[This is] a major vulnerability that could allow hackers to gain admin access to any WordPress website that had the plugin installed. This means hackers can gain full control of your website if you are using the plugin,” wrote security firm MalCare, in a post published Thursday.

Read more