On March 22nd, 2023 a security patch was issued for the popular website builder plugin Elementor Pro. Website administrators using this plugin should immediately patch to at least version 3.11.7 to avoid a potential website compromise.
The security issue is reported to affect only the Pro version of the plugin and not the free version hosted at wordpress.org.
The vulnerability allows authenticated users to arbitrarily change wp_options values within the database via the AJAX action of Elementor Pro working in conjunction with WooCommerce.
Continue reading High Severity Vulnerability in WordPress Elementor Pro Patched at Sucuri Blog.