Elementor claims to be used on over seven million WordPress websites. The stored cross-site scripting vulnerability was discovered by Wordfence, which develops security solutions, including plugins to protect WordPress.
Wordfence disclosed the vulnerability to Elementor last month, and it has since been patched.
What made the vulnerability particularly dangerous was that it could be exploited even by someone with only Contributor permissions on a WordPress website. Contributors have the fewest administrative privileges.
The researchers suggest that the way to prevent this type of vulnerability is to enforce a list of allowed HTML tags on the server side, rather than just on the client side. “Indeed, this is the approach the patched version uses to correct the issue,” concludes Wordfence.
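The following PHP sketch is an added illustration of that server-side allowlist, not Elementor's or Wordfence's code. The function names, the settings layout and the list of permitted tags are hypothetical, and it assumes the element's text is plain text that can be escaped on output.

```php
<?php
// Added illustration; every name and the allowlist itself are hypothetical.
const ALLOWED_WRAPPER_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'span', 'p'];
const DEFAULT_WRAPPER_TAG  = 'div';

// "Before": the server trusts the tag name the editor UI submitted.
// A dropdown in the browser does not constrain a hand-built save request,
// so any logged-in user who can save content controls the markup.
function render_unchecked(array $settings): string
{
    $tag = $settings['tag'];
    return "<{$tag}>" . $settings['text'] . "</{$tag}>";
}

// Server-side check: exact match against the allowlist, otherwise fall back.
function validate_wrapper_tag($requested): string
{
    if (!is_string($requested)) {
        return DEFAULT_WRAPPER_TAG;            // arrays, null, numbers
    }
    $tag = strtolower(trim($requested));
    return in_array($tag, ALLOWED_WRAPPER_TAGS, true) ? $tag : DEFAULT_WRAPPER_TAG;
}

// "After": the tag is validated on the server and the text is escaped on output
// (assumption: this field is plain text, not rich HTML).
function render_checked(array $settings): string
{
    $tag  = validate_wrapper_tag($settings['tag'] ?? null);
    $text = htmlspecialchars((string) ($settings['text'] ?? ''), ENT_QUOTES, 'UTF-8');
    return "<{$tag}>{$text}</{$tag}>";
}

// Constructed sample submissions, as they might arrive in a save request.
$samples = [
    ['tag' => 'h2',           'text' => 'Welcome'],      // normal editor value
    ['tag' => 'H3 ',          'text' => 'Tom & Jerry'],  // case/whitespace variant
    ['tag' => 'script',       'text' => 'placeholder'],  // tag outside the allowlist
    ['tag' => 'h2 onclick=x', 'text' => 'placeholder'],  // attribute smuggled into the tag
    ['tag' => ['h2'],         'text' => 'placeholder'],  // wrong type
];

foreach ($samples as $s) {
    echo json_encode($s['tag']), ' => ', render_checked($s), PHP_EOL;
}
```

The last three samples all render inside the default `div`, because the comparison is an exact match on the whole submitted value rather than a prefix or pattern test.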