{"id":9884,"date":"2020-05-13T10:00:00","date_gmt":"2020-05-13T14:00:00","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/blog\/?p=9884"},"modified":"2025-01-22T16:38:01","modified_gmt":"2025-01-22T21:38:01","slug":"attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/","title":{"rendered":"Attacks on Elementor Pro and Ultimate Addons Place WordPress Sites at Risk"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-1024x538.png\" alt=\"Elementor security update | InMotion Hosting\" class=\"wp-image-9898\" srcset=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-1024x538.png 1024w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-300x158.png 300w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-768x403.png 768w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-560x294.png 560w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"alert alert-info\"><strong>Update:<\/strong> Elementor Pro has released version 2.9.4 to patch the vulnerability as of May 7, 2020. The maker of the Ultimate Addons -Brainstorm Force- has also released the patched version, version 1.24.2. <em>If you are using Elementor Pro or the Ultimate Addons plugin please update to this version immediately<\/em>.<\/p>\n\n\n\n<p>Attacks on WordPress sites using Elementor Pro and the Ultimate Addons for Elementor are the result of vulnerabilities in both of these plugins. If you use these plugins then you should take immediate action to protect your site from being hacked. If you have not already done so, make sure you do the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/plugins\/total-upkeep\/\" target=\"_blank\">Back up your site<\/a><\/li><li>Update your Elementor and Ultimate Addons plugins to the latest version<\/li><li>Update your security software (if you are using an application) &#8211; check with your plugin developer to make sure they have addressed this issue<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What are the Vulnerabilities Being Exploited?<\/h2>\n\n\n\n<p><strong><a rel=\"noreferrer noopener\" href=\"https:\/\/elementor.com\/\" target=\"_blank\">Elementor Pro (version 2.9.3 or lower) <\/a><\/strong>has a zero-day vulnerability which makes the application open to exploitation if users are set to open registration.<\/p>\n\n\n\n<p class=\"alert alert-info\">A <strong> zero day vulnerability<\/strong> is a flaw in the software that immediately effects the application.<\/p>\n\n\n\n<p>The <strong><a rel=\"noreferrer noopener\" href=\"https:\/\/uaelementor.com\/\" target=\"_blank\">Ultimate Addons for Elementor (version 1.24.1 or lower)<\/a><\/strong> plugin by Brainstorm Force has a flaw that allows the Elementor Pro vulnerability to be exploited even if users are not set to open registration.<\/p>\n\n\n\n<p>As of the date of this article, both plugins have been updated to patch the vulnerability.  Update your plugins immediately to prevent any possible hacks to your site from these vulnerabilities. <em>Note that this exploit does not affect the free version of Elementor.<\/em> <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What can you do now?<\/h2>\n\n\n\n<p>There are a number of steps that you can take if you suspect your site has been hacked.  Backup is a preventative measure that should be put in place when you know your code has <em>not<\/em> been compromised. However, it is still the number one measure that should be part of any emergency response plan for your website endeavors. If for some reason you cannot immediately apply the patch:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Downgrade to an earlier version of the plugins<\/li><li>Backup your current version (don&#8217;t overwrite any existing backups), then restore an earlier version of your site if you have one. You should still update your plugins as soon as possible<\/li><li>Check your WordPress Users to make sure you don&#8217;t have any unknown users that have been added through the exploit<\/li><li>Consult with a security agency like <a rel=\"noreferrer noopener\" href=\"https:\/\/sucuri.net\/\" target=\"_blank\">Sucuri<\/a> or <a rel=\"noreferrer noopener\" href=\"https:\/\/www.wordfence.com\/\" target=\"_blank\">WordFence<\/a> to help  clean up your site<\/li><\/ul>\n\n\n\n<p>We hope that this helps to bring this security issue to your attention if you are an Elementor Pro user.  If you want to learn more about WordPress on topics like recommended plugins, then please see our <a rel=\"noreferrer noopener\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/\" target=\"_blank\">WordPress Education channel<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update: Elementor Pro has released version 2.9.4 to patch the vulnerability as of May 7, 2020. The maker of the Ultimate Addons -Brainstorm Force- has also released the patched version, version 1.24.2. If you are using Elementor Pro or the Ultimate Addons plugin please update to this version immediately. Attacks on WordPress sites using Elementor<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/\"> Read More ><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32],"tags":[],"class_list":["post-9884","post","type-post","status-publish","format-standard","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>WordPress Sites at Risk: Attacks on Elementor Pro and Ultimate Addons<\/title>\n<meta name=\"description\" content=\"Attacks on WordPress sites using Elementor Pro and the Ultimate Addons for Elementor are the result of vulnerabilities with both plugins.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress Sites at Risk: Attacks on Elementor Pro and Ultimate Addons\" \/>\n<meta property=\"og:description\" content=\"Attacks on WordPress sites using Elementor Pro and the Ultimate Addons for Elementor are the result of vulnerabilities with both plugins.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-13T14:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-22T21:38:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"InMotion Hosting\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@inmotionhosting\" \/>\n<meta name=\"twitter:site\" content=\"@inmotionhosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress Sites at Risk: Attacks on Elementor Pro and Ultimate Addons","description":"Attacks on WordPress sites using Elementor Pro and the Ultimate Addons for Elementor are the result of vulnerabilities with both plugins.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/","og_locale":"en_US","og_type":"article","og_title":"WordPress Sites at Risk: Attacks on Elementor Pro and Ultimate Addons","og_description":"Attacks on WordPress sites using Elementor Pro and the Ultimate Addons for Elementor are the result of vulnerabilities with both plugins.","og_url":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/","og_site_name":"InMotion Hosting Blog","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting","article_published_time":"2020-05-13T14:00:00+00:00","article_modified_time":"2025-01-22T21:38:01+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update.png","type":"image\/png"}],"author":"InMotion Hosting","twitter_card":"summary_large_image","twitter_creator":"@inmotionhosting","twitter_site":"@inmotionhosting","twitter_misc":{"Written by":"InMotion Hosting","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/"},"author":{"name":"InMotion Hosting","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/person\/f21a89c83c7697a760c96cfe58e646bc"},"headline":"Attacks on Elementor Pro and Ultimate Addons Place WordPress Sites at Risk","datePublished":"2020-05-13T14:00:00+00:00","dateModified":"2025-01-22T21:38:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/"},"wordCount":460,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-1024x538.png","articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/","url":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/","name":"WordPress Sites at Risk: Attacks on Elementor Pro and Ultimate Addons","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#primaryimage"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update-1024x538.png","datePublished":"2020-05-13T14:00:00+00:00","dateModified":"2025-01-22T21:38:01+00:00","description":"Attacks on WordPress sites using Elementor Pro and the Ultimate Addons for Elementor are the result of vulnerabilities with both plugins.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#primaryimage","url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update.png","contentUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/05\/elementor_security_update.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/blog\/attacks-on-elementor-pro-and-ultimate-addons-place-wordpress-sites-at-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/www.inmotionhosting.com\/blog\/news\/"},{"@type":"ListItem","position":3,"name":"Attacks on Elementor Pro and Ultimate Addons Place WordPress Sites at Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/blog\/#website","url":"https:\/\/www.inmotionhosting.com\/blog\/","name":"InMotion Hosting Blog","description":"Web Hosting Strategy, Trends and Security","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2019\/11\/imh-logo-all-colors-big.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2019\/11\/imh-logo-all-colors-big.jpg","width":1630,"height":430,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting","https:\/\/x.com\/inmotionhosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/person\/f21a89c83c7697a760c96cfe58e646bc","name":"InMotion Hosting","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","caption":"InMotion Hosting"},"url":"https:\/\/www.inmotionhosting.com\/blog\/author\/imhmainadmin\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":32,"name":"News","slug":"news","link":"https:\/\/www.inmotionhosting.com\/blog\/news\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/9884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=9884"}],"version-history":[{"count":8,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/9884\/revisions"}],"predecessor-version":[{"id":66608,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/9884\/revisions\/66608"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=9884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=9884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=9884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}