WP Elementor Ecosystem (WordPress) Update
1604Warning Date
Severity Level
Warning Number
Target Sector
15 April, 2021
● Medium
2021-2769
All
Description:
Wordfence has released a security update to address several vulnerabilities in the following product:
- Elementor Ecosystem
- Essential Addons for Elementor (essential-addons-for-elementor-lite)
- Elementor – Header, Footer & Blocks Template (header-footer-elementor)
- Ultimate Addons for Elementor (ultimate-elementor)
- Premium Addons for Elementor (premium-addons-for-elementor)
- ElementsKit (elementskit-lite) and ElementsKit Pro (elementskit)
- Elementor Addon Elements (addon-elements-for-elementor-page-builder)
- Livemesh Addons for Elementor (addons-for-elementor)
- HT Mega – Absolute Addons for Elementor Page Builder (ht-mega-for-elementor)
- WooLentor – WooCommerce Elementor Addons + Builder (woolentor-addons)
- PowerPack Addons for Elementor (powerpack-lite-for-elementor)
- Image Hover Effects – Elementor Addon (image-hover-effects-addon-for-elementor)
- Rife Elementor Extensions & Templates (rife-elementor-extensions)
- The Plus Addons for Elementor Page Builder Lite (the-plus-addons-for-elementor-page-builder)
- All-in-One Addons for Elementor – WidgetKit (widgetkit-for-elementor)
- JetWidgets For Elementor (jetwidgets-for-elementor)
- Sina Extension for Elementor (sina-extension-for-elementor)
- DethemeKit For Elementor (dethemekit-for-elementor)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review Wordfence security advisory and apply the necessary updates: