We have been made aware of a vulnerability in a commonly used WordPress Plugin, namely Essential Addons for Elementor. Please check that you are running the latest version of this plugin to ensure that your site is not vulnerable to exploit.
A vulnerability has been found and patched in 5.7.2. The plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site thereby granting access to your WordPress administration area allowing upload of plugins/themes etc.
You can check whether you are using this plugin and apply the associated update from within your WordPress dashboard.
Please let us know if you need any guidance on keeping your WordPress up to date.
Vineri, MaI 12, 2023