Critical 0-day in The Plus Addons for Elementor Allows Site Takeover

Posted on March 8, 2021March 8, 2021

Today, March 8, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day in The Plus Addons for Elementor, a premium plugin that we estimate has over 30,000 installations. This vulnerability was reported this morning to WPScan by Seravo, a hosting company. The flaw makes it possible for attackers to create new administrative user accounts on vulnerable sites, if user registration is enabled, along with logging in as other administrative users.

The Plus Addons for Elementor Lite, the free version by the same developer, does not appear to be vulnerable to this exploit.

None of the sites currently under management by ProtectYourWP.com are affected by this bug.

Full details: https://www.wordfence.com/blog/2021/03/critical-0-day-in-the-plus-addons-for-elementor-allows-site-takeover

Firefox ZeroDay: Update to 72.0.1 now.

Posted on January 13, 2020January 13, 2020

Be sure Firefox is updated fully to v72.0.1 due to critical vulnerability:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://techcrunch.com/2020/01/10/firefox-security-bug-zero-day/

Mozilla says a new Firefox security bug is under active attack