4a271 - 2y
Wondering if any #[0] folks can help me out. I've got a website where the admin email appears to be changed after a #[1] order is attempted. The IP from the order is from Ukraine. But I think the order is a red herring. Access logs show that IP (which my firewall should have blocked, all traffic from outside NAm is blocked) hit similar #[2] links multiple times: 1 time: POST /?wc-ajax=get_refreshed_fragments&elementor_page_id=65 5 times: POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=ca568afb67 1 time: GET //wp-content/plugins/elementor-pro/changelog.txt I think we have the culprit there - checking the version of the Elementor Pro plugin. I've loathed page builders for years (this is an inherited site), so this really sticks in my craw.
b4bf7 - 2y
#[0] https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/
