Post AUNj5cxiQ4b3SC47V2 by arpcomics@mythology.social
 (DIR) More posts by arpcomics@mythology.social
 (DIR) Post #AUNj5cxiQ4b3SC47V2 by arpcomics@mythology.social
       2023-04-06T16:38:29Z
       
       0 likes, 0 repeats
       
       Wondering if any #WordPress folks can help me out. I've got a website where the admin email appears to be changed after a #WooCommerce order is attempted. The IP from the order is from Ukraine. But I think the order is a red herring.Access logs show that IP (which my firewall should have blocked, all traffic from outside NAm is blocked) hit similar #Elementor links multiple times:1 time: POST /?wc-ajax=get_refreshed_fragments&elementor_page_id=655 times: POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=ca568afb671 time: GET //wp-content/plugins/elementor-pro/changelog.txtI think we have the culprit there - checking the version of the Elementor Pro plugin.I've loathed page builders for years (this is an inherited site), so this really sticks in my craw.
       
 (DIR) Post #AUNj5e6y99ap1BP1Yu by amerika@noagendasocial.com
       2023-04-06T17:09:23Z
       
       1 likes, 0 repeats
       
       @arpcomics https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/