"The flaw affects the Ally plugin developed by Elementor, which is installed on hundreds of thousands of sites worldwide. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes, according to Wordfence researchers."
"The Ally plugin, developed by Elementor, is designed to improve accessibility and usability on WordPress websites by providing automated remediation tools and interface adjustments for users with disabilities. Features include accessibility scanning, remediation suggestions, and front-end interface improvements intended to help websites meet accessibility standards."
The Ally plugin, developed by Elementor and installed on over 400,000 WordPress sites, contains a vulnerability that enables attackers to steal sensitive data without requiring authentication. The flaw permits extraction of password hashes and other confidential information directly from affected website databases. Wordfence researchers identified this security issue in the accessibility plugin, which is designed to improve website usability for users with disabilities through automated remediation tools and interface adjustments. The widespread deployment of this plugin across numerous websites creates significant risk exposure for organizations relying on it for accessibility compliance.
#wordpress-security #plugin-vulnerability #data-breach #unauthenticated-access #accessibility-plugin
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]