Critical Privilege Escalation in Essential Addons for Elementor Plugin


WordPress plugins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of risk for website operators in recent years.

CVE-2023-32243 Vulnerability

Patchstack researchers discovered that the vulnerability, CVE-2023-32243 (CVSS score: 9.8, Critical), exists in the password reset functionality of the Essential Addons for Elementor plugin and could allow an unauthenticated attacker to escalate privileges.

Versions Affected

5.4.0 to 5.7.1

The code for resetting user passwords does not properly check if the password reset key is present and legitimate. This means that a remote attacker could exploit the issue to reset the password of any existing user on the system, as long as they know the user’s username.

Patchstack counted 4,528 new vulnerabilities in WordPress plugins in 2022 alone, a startling 328% increase over the 1,382 it observed in 2021. 

Recommendation

Upgrade to version 5.7.2. Users of Essential Addons for Elementor are advised to update to the latest version of the plugin as soon as possible to protect their WordPress websites from this vulnerability.
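To confirm which sites still need the upgrade, the installed version can be read from the plugin's main-file header and compared with the versions named above. The following is an added example, not code from the plugin or from Patchstack; it assumes the standard WordPress `Version:` header field, treats 5.4.0 and 5.7.1 as the inclusive bounds of the affected range, and uses a constructed sample header.

```python
import re

# Bounds from the advisory: 5.4.0 and 5.7.1 affected (assumed inclusive range), 5.7.2 fixed.
FIRST_AFFECTED, LAST_AFFECTED, FIXED = (5, 4, 0), (5, 7, 1), (5, 7, 2)

# Standard WordPress plugin header field, e.g. " * Version: 5.7.1"
_VERSION_FIELD = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Essential Addons for Elementor
 * Version: {version}
 */
"""


def parse_version(raw):
    """Convert '5.7' or '5.8.0-beta' to a comparable tuple; None if not numeric."""
    m = re.match(r"\d+(?:\.\d+)*", raw.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    parts += [0] * (3 - len(parts))      # pad '5.7' to (5, 7, 0)
    return tuple(parts)


def classify(plugin_file_text):
    """Return 'affected', 'fixed', 'older-than-affected' or 'unknown'."""
    field = _VERSION_FIELD.search(plugin_file_text)
    version = parse_version(field.group(1)) if field else None
    if version is None:
        return "unknown"                 # no header or unparsable: inspect by hand
    if version < FIRST_AFFECTED:
        return "older-than-affected"
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIXED:
        return "fixed"
    return "unknown"                     # e.g. 5.7.1.1: between last affected and fix


if __name__ == "__main__":
    for v in ("5.3.9", "5.4.0", "5.7", "5.7.1", "5.7.1.1", "5.7.2", "n/a"):
        print(f"{v:8} -> {classify(SAMPLE_HEADER.format(version=v))}")
```

In practice, pass `classify` the text of the plugin's main PHP file from each site; any result other than `fixed` warrants a closer look.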


About the Author:

FirstHackersNews- Identifies Security
