According to researchers, a critical vulnerability found in a widely used WordPress plugin is being actively exploited by hackers, granting them complete control over millions of sites.
The vulnerability has been given a severity rating of 8.8 out of 10 and is present in Elementor Pro, a premium plugin that runs on over 12 million sites powered by WordPress. Elementor Pro enables users to create high-quality websites using a variety of tools, including WooCommerce, another WordPress plugin. When Elementor Pro and WooCommerce are used together, anyone with an account on the site, such as a subscriber or customer, can create new accounts with full administrative privileges.
To avoid falling victim to this exploit, users of Elementor Pro should ensure that they are running version 3.11.7 or higher, as all previous versions are vulnerable. These users should also check their websites for the signs of infection listed in the Patchstack post.
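For anyone managing several sites, the version check above can be scripted. The following is an added example, not code from the article or from Patchstack: it assumes each site's plugin inventory is available as JSON in the shape produced by `wp plugin list --format=json` (objects with `name`, `status` and `version`), and that the plugin slugs are `elementor-pro` and `woocommerce`. The sample inventories and site names are constructed.

```python
import json
import re

FIXED = (3, 11, 7, 1)  # 3.11.7 final, the first patched release per the article

def parse_version(text):
    """'3.11.7' -> (3, 11, 7, 1); a pre-release such as '3.11.7-beta1' ends in 0."""
    core, _, suffix = text.strip().partition("-")
    nums = [int(n) for n in re.findall(r"\d+", core)][:3]
    nums += [0] * (3 - len(nums))          # '3.11' is treated as 3.11.0
    return (*nums, 0 if suffix else 1)

def triage(plugin_json):
    """Classify one site from its plugin inventory (JSON array of objects)."""
    plugins = {p["name"]: p for p in json.loads(plugin_json)}
    pro = plugins.get("elementor-pro")
    if pro is None:
        return "not-installed"
    if parse_version(pro["version"]) >= FIXED:
        return "patched"
    woo = plugins.get("woocommerce", {})
    both_active = pro.get("status") == "active" and woo.get("status") == "active"
    # Any outdated copy needs the update; with WooCommerce also active the site
    # matches the plugin combination the article describes as exploitable.
    return "exposed" if both_active else "update-needed"

# Constructed sample inventories (not taken from any real site).
SAMPLES = {
    "shop.example": '[{"name":"elementor-pro","status":"active","version":"3.11.6"},'
                    '{"name":"woocommerce","status":"active","version":"7.5.1"}]',
    "blog.example": '[{"name":"elementor-pro","status":"active","version":"3.10.2"}]',
    "new.example": '[{"name":"elementor-pro","status":"active","version":"3.11.7"},'
                   '{"name":"woocommerce","status":"active","version":"7.5.1"}]',
    "plain.example": '[{"name":"woocommerce","status":"active","version":"7.5.1"}]',
}

if __name__ == "__main__":
    for site, inventory in SAMPLES.items():
        print(f"{site}: {triage(inventory)}")
```

Sites reported as `exposed` are the ones to update first and then review for the signs of infection listed in the Patchstack post.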