SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...
Searchenginejournal.com

Elementor WordPress Plugin Hit By 6 Vulnerabilities

Security researchers issued an advisory on six unique XSS vulnerabilities discovered in the Elementor Website Builder and its Pro version that may allow attackers to inject malicious scripts.
Bleeping Computer

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
Morningstar

Elementor One Redefines What Professional Website Creation Looks Like on WordPress

A milestone offering that integrates creation, optimization, and site management into a single experience, expanding the professional Elementor Editor that creators trust. TEL AVIV, Israel, Jan. 20, ...
The Times of Israel

WordPress site builder Elementor buys Strattic in all-Israeli deal

Israeli company Elementor, the developer of a building platform for WordPress websites, has acquired Strattic, a web development and hosting solutions outfit based in Jerusalem, in an all-Israeli deal ...
Searchenginejournal.com

WordPress Elementor Plugin Remote Code Execution Vulnerability

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...