The wildly popular Elementor site builder plugin has a vulnerability that can allow a third party site to secretly compromise a WordPress site if the user is logged into the site as the administrator. Normally when you are on one site..a third party site is blocked form executing code impersonating you on a different site at the same time. When software has this cross site vulnerability a malicious site can secretly fool your WordPress site into thinking the third party site is you and can effectively steal your administrator credentials. The third party site can then log in as you and do whatever your administrative privileges can do. The Elementor plugin was susceptible to this attack until March 3, 2021.
ETC Maryland Fully Manged Hosting clients were protected against this vulnerability on February 23..the day of this vulnerabilities discovery. All other ETC Maryland clients will be protected by March 25th, 2021
If you would like to know about the advantages of ETC Maryland’s Fully Managed WordPress Hosting feel free to contact us.. You can also listen to my interview with Nathan Neil about how ETC Maryland’s range of hosting services compare to some of the biggest names in the industry.