This post discusses the recent compromise of the popular Essential Addons plugin for Elementor, which was assigned the CVE identifier CVE-2023-32243.
The active Essential Addons for Elementor exploit affects more than a million websites worldwide, including those hosted by GreenGeeks.
Even if you’re not an expert web developer, it’s important to understand the implications of this commitment and the steps we’ve taken to protect your websites.
understand commitment
The Essential Addons for Elementor plugin is a widely used tool that allows website owners to create amazing layouts and layouts without any coding experience.
Unfortunately, all programs have vulnerabilities and the Elementor plugin is no exception.
Recently, a security flaw, identified as CVE-2023-32243, was discovered within the plugin’s codebase.
This vulnerability allows any unauthenticated user to reset user passwords, including user accounts with administrative level access.
It is important to note that this vulnerability affects older versions of the affected plugin, and updating to the latest version is crucial for protection.
Our proactive approach and guarantee of the security of your website
Simply put, GreenGeeks is serious about your website security!
Although we are not a fully managed provider, GreenGeeks takes proactive steps in these cases of severe vulnerabilities to protect our customers.
In this case, we have already taken corrective action for our affected customers, updating the essential plugins for Elementor plugin to the newly patched version as needed.
While we have updated the Essential Addons for Elementor on our network, you need to remain proactive in protecting your website.
In most cases, the best defense is to keep your software up to date, as simply updating to the latest version available from the official WordPress repository will fix vulnerabilities and improve the security of your website.
The best way to keep your site up to date is to use the WordPress auto update system within wp-admin, avoiding the need for any third party software.
Conclusion
At GreenGeeks, we prioritize the security of our customers and strive to help you stay informed about potential security threats to ensure your peace of mind.
Although we have taken the critical steps to update the affected sites using the Essential Plugins for Elementor plugin and remove the vulnerability, we encourage you to update all other software installed on your GreebGeeks account to maintain the overall security of your hosting account.
Remember, being aware of vulnerabilities and keeping your software up to date is crucial to a secure online presence.
If you have any questions or concerns about this vulnerability or its impact on your GreenGeeks account, please do not hesitate to contact the GreenGeeks technical support team for assistance.