Elementor Essential Addons Critical Vulnerability

Wordfence has released a PSA about a critical vulnerability in a popular WordPress plugin: “Essential Addons for Elementor”

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. This vulnerability was discovered and responsibly disclosed by security researcher Rafie Muhammed.

Wordfence Blog