Bleeping Computer

WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain ...
Searchenginejournal.com

2M+ WordPress Sites Hit By Essential Addons For Elementor Vulnerability

Two Stored Cross-Site Scripting (XSS) vulnerabilities could allow attackers to inject malicious scripts into WordPress sites XSS vulnerabilities originated with inadequate sanitization and output ...
Bleeping Computer

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
Searchenginejournal.com

WordPress Vulnerability in Essential Addons for Elementor

According to the U.S. Government NIST website, vulnerabilities on the Essential Addons for Elementor plugin made it possible for an attacker to launch a a Local File Inclusion attack, which is an ...

Elementor just made it easier to improve website accessibility

Elementor first released its web accessibility plugin called Ally in November 2025. The company argued it was better than ...