WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild.

Elementor Pro is a paid plugin that is currently installed on over 11 million websites, it allows users to easily create WordPress websites.

This vulnerability was reported on March 18 by security researcher Jerome Bruandet from NinTechNet.

The expert reported that the issue impacts Elementor Pro when it is installed on a site that has WooCommerce activated.