A vulnerability in older versions of Elementor Pro allows users to grant themselves admin access to WordPress sites running WooCommerce. Reports from around the world confirm that some websites have been taken over by hackers.
All versions of Elementor Pro up to and including 3.11.6 are at risk. All versions from 3.11.7 onward are patched.
Check your plugins ASAP
- Log into WordPress
- In the left-hand menu, open Plugins > Installed Plugins
- On the Plugins screen, check your Elementor Pro version.
- If you are running Elementor Pro 3.11.6 or lower, update the plugin.
All versions of Elementor Pro from 3.11.7 have fixed this vulnerability. Version 3.12.1, released 2 April 2023, is the latest version at the time of writing.
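If you look after several sites on one server, the same version check can be scripted. The sketch below is an added example, not code from Elementor or from the original advisory. It assumes the sites sit side by side under one root directory and that the plugin is in its default location, `wp-content/plugins/elementor-pro/elementor-pro.php`; the sample tree it builds is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 11, 7)  # first patched release, per the advisory above
# Assumption: default install location of the plugin's main file.
PLUGIN_FILE = "wp-content/plugins/elementor-pro/elementor-pro.php"

def parse_version(text):
    """'3.11.6' -> (3, 11, 6); numeric tuples avoid the lexical trap '3.9' > '3.11'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '3.12' to (3, 12, 0)

def header_version(php_source):
    """Return the 'Version:' field of a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source, re.M | re.I)
    return m.group(1) if m else None

def classify(version_text):
    """'vulnerable' below 3.11.7, 'patched' from 3.11.7, 'unknown' if unreadable."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    return "vulnerable" if v < FIXED else "patched"

def audit(sites_root):
    """Map each site directory under sites_root to (version, status)."""
    root = Path(sites_root)
    results = {}
    for plugin in sorted(root.glob("*/" + PLUGIN_FILE)):
        # WordPress itself only reads the first 8 KB for header fields.
        head = plugin.read_text(encoding="utf-8", errors="replace")[:8192]
        version = header_version(head)
        results[plugin.relative_to(root).parts[0]] = (version, classify(version))
    return results

if __name__ == "__main__":
    # Constructed sample tree: three sites with made-up plugin headers.
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in [("shop-a", "3.11.6"), ("shop-b", "3.9.0"), ("shop-c", "3.12.1")]:
            f = Path(tmp, site, PLUGIN_FILE)
            f.parent.mkdir(parents=True)
            f.write_text(f"<?php\n/**\n * Plugin Name: Elementor Pro\n * Version: {ver}\n */\n")
        for site, (ver, status) in audit(tmp).items():
            print(f"{site}: Elementor Pro {ver} -> {status}")
```

Any suffix after the numeric part of a version (for example a beta tag) is ignored, so treat such results as needing a manual look. A site reported as `unknown` has the plugin file but no readable `Version:` header.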