This post describes a recent compromise of the popular Elementor plugin Essential Addons, which was assigned the CVE identifier CVE-2023-32243.
Elementor’s active Essential Addons exploit affects over a million websites worldwide, including those hosted on GreenGeeks.
Even if you are not a web development professional, it is important that you understand the impact of this breach and the steps we have taken to protect our website.
understand infringement
The Essential Addons for Elementor plugin is a widely used tool that enables website owners to create stunning designs and layouts without any coding expertise.
Unfortunately, all software has vulnerabilities and Elementor plugins are no exception.
Recently, a security flaw identified as CVE-2023-32243 was discovered in the plugin’s codebase.
This vulnerability allows an unauthenticated user to reset user passwords, including user accounts with administrator-level access.
It’s important to note that this vulnerability affects older versions of the affected plugins, so it’s important to update to the latest version to be protected.
Our Proactive Approach and Keeping Our Websites Secure
Simply put, GreenGeeks takes website security seriously.
GreenGeeks is not a fully managed provider, but we take proactive steps to protect our clients in the event of such a severe vulnerability.
In this case, we have already taken corrective action for impacted customers, updating required add-ons for Elementor plugins to newly patched versions as needed.
We’ve updated Elementor’s essential add-ons on our network, but we still need to proactively secure our website.
Keeping your software up to date is your best defense, as in most cases simply updating to the latest version available from the official WordPress repository fixes vulnerabilities and makes your website more secure.
The best way to keep your site up-to-date is to use the WordPress auto-update system within wp-admin and without third-party software.
Conclusion
At GreenGeeks, our clients’ security is our priority and we strive to keep them informed about potential security threats to give them peace of mind.
We have taken the important steps to update the affected site with the Essential Addons for Elementor plugin and remove the vulnerability, however, to maintain the overall security of our hosting account, we have removed the We recommend updating all other installed software.
Remember that staying alert for vulnerabilities and keeping your software up-to-date is important for a secure online presence.
If you have any questions or concerns about this vulnerability or its impact on your GreenGeeks account, please feel free to contact the GreenGeeks technical support team.