vulnerability

Hi Team,

I got email from WP Engine Website related to plugin have vulnerability in current email. I will attache the screen shot of the email here also.


At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the elementskit-lite plugin.

The site oyjourney2 on is running version 3.9.6.

WP Engine summary of the vulnerability: This vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do.

This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

Resources providing further information on this vulnerability:

https://patchstack.com/database/vulnerability/elementskit-lite/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability-2?_a_id=473
https://patchstack.com/database/vulnerability/elementskit-lite/wordpress-elementskit-elementor-addons-lite-plugin-3-9-6-broken-access-control-vulnerability?_a_id=473

There does not appear to be a fix for this update at this moment and we recommend updating when one becomes available.

We always suggest making a backup before making any changes. You can learn how to do this in this article: https://wpengine.com/support/restore/.

Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager: https://my.wpengine.com/products/smart_plugin_manager to your plan today!

Finally, feel free to reach out to our Support team if you need assistance with backing up or updating your website!

Thanks,
-WP Engine Security Team


Thank you

The page I need help with: [log in to see the link]