On April 2, 2023, the Elementor team disclosed a serious security flaw within their Elementor Pro plugin. Elementor Pro is a popular page building plugin used on many WordPress sites, including many of Emberly’s clients who use the WordPress CMS. When used in combination with WooCommerce, the official WordPress eCommerce plugin, the vulnerability allowed malicious users to sign up accounts with normal user roles such as Subscribers or Customers, then elevate their account privileges to Administrators. This vulnerability was patched by the Elementor team in Elementor Pro version 3.11.7.
The Emberly team immediately updated all websites on our Monthly Maintenance plan, quickly closing the security gap for our clients.
Emberly technicians keep up-to-date with the development roadmap on Elementor and other key WordPress plugins, and receives critical security updates via each plugin development team’s official communication channels. As a result, we found out about this update within hours of its disclosure. For our maintenance clients, we perform updates to plugins and themes on a rolling basis after performing testing on compatibility for each new version.
If you’re a Monthly Maintenance client, thank you for working with Emberly! Your website has been updated. If you are not on one of our regular maintenance plans, you can find out about them here. Otherwise, please update the Elementor Pro plugin yourself by following these steps to update a plugin.
We know the Elementor development team, even having met with them personally at international WordPress events, and we trust that they are dedicated to secure, quality code. We believe that they will continue to do everything they can to keep websites using Elementor safe, but as with any third party software or plugin, it is still important to stay appraised of updates and vulnerabilities on a highly regular basis.
You can read more about the vulnerability in the Elementor team’s official post here.