The Wordfence Threat Intelligence Team discovered today, October 13th, 2023, that the WordPress plugin Royal Elementor Addons and Templates, which is used by over 200,000 websites, has a recently patched vulnerability that allows unauthenticated attackers to upload arbitrary files to vulnerable sites.
If an unauthenticated attacker uploads a PHP file containing malicious content, such as a backdoor, this allows for remote code execution and full site compromise. We have successfully stopped 46,169 attacks that attempted to exploit this vulnerability in the previous 30 days. According to our analysis of this data, attacks against this vulnerability began on or around August 30th, 2023; however, we have knowledge that the exploit was actively developed as early as July 27th, 2023.