In this post, WordPress security writer Muhammad explains a flaw disclosed in the Essential Addons for Elementor plugin that allows attackers to gain elevated privileges on affected websites.
The issue, officially marked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2.2 that was shipped on May 11, 2023. Successful exploitation of the flaw could permit a threat actor to reset the password of any arbitrary user as long as the malicious party is aware of their username.
This can have serious ramifications as the flaw could be weaponized to reset passwords associated with an administrator account and seize full control of the website.
This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user, Muhammad explained.
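The missing check described above, sketched as an added example that is not the plugin's own code: a hypothetical reset handler in the flawed form next to one that verifies the reset key with WordPress core's `check_password_reset_key()` before changing anything. The handler, action and form field names are assumptions made for illustration.

```php
<?php
// Added illustration. Function, action and field names are hypothetical.

// Flawed pattern: the username alone selects the account, and nothing
// proves the requester ever received a reset link for it.
function example_reset_without_key() {
    $login = sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) );
    $user  = get_user_by( 'login', $login );
    if ( $user ) {
        reset_password( $user, (string) wp_unslash( $_POST['new_password'] ?? '' ) );
    }
}

// Hardened pattern: the key mailed to the account owner must verify first.
function example_reset_with_key() {
    $nonce = sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ?? '' ) );
    if ( ! wp_verify_nonce( $nonce, 'example_reset_password' ) ) {
        wp_send_json_error( 'Invalid request.', 403 );
    }

    $login   = sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) );
    $key     = sanitize_text_field( wp_unslash( $_POST['reset_key'] ?? '' ) );
    $pass    = (string) wp_unslash( $_POST['new_password'] ?? '' );
    $confirm = (string) wp_unslash( $_POST['confirm_password'] ?? '' );

    // Core returns a WP_User only when the key matches the one stored for
    // this login and has not expired; otherwise it returns a WP_Error.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        wp_send_json_error( 'Reset link is invalid or expired.', 403 );
    }

    if ( '' === $pass || $pass !== $confirm ) {
        wp_send_json_error( 'Passwords are empty or do not match.', 400 );
    }

    // The password changes only for the user object the key check returned,
    // never for a user looked up from the submitted username.
    reset_password( $user, $pass );
    wp_send_json_success();
}
// Only the hardened handler is registered for unauthenticated requests.
add_action( 'wp_ajax_nopriv_example_reset_password', 'example_reset_with_key' );
```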