Critical vulnerability in Essential Addons for Elementor plugin


A very serious vulnerability has been discovered in the popular WordPress plugin Essential Addons for Elementor that allows external access to your WordPress installation. According to our findings, the vulnerability has been actively exploited and all sites using this plugin should be updated immediately. The problem has been fixed in plugin version 5.7.2. More information about this vulnerability can be found here.


Our customers using WordPress Smart Updates are safe as updates have been run automatically immediately after their releasing. But our WP hosting plan customers should take care of the security updates themselves. However, in the name of general security and with the bulnerability being so critical, we also centrally review all the WordPress sites in our servers and perform a critical updates on pages that have not yet been updated.


Our WP hosting customers who have had this plugin updated by us have also received a notice from our customer support. However, we recommend all our WordPress customers to also check themselves whether the Essential Addons for Elementor plugin is installed and that has been updated to at least version 5.7.2. We also recommend in these cases to change the admin password of the WordPress installation and to take care of all security updates to your own WordPress in accordance with our instructions.