> TritonInfoSec News
Home / Mar 12, 2026 / Story
0
#6 BleepingComputer general March 11, 2026 at 19:38 UTC

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

By Bill Toulas

AI Summary

A critical SQL injection vulnerability affects Ally, an Elementor WordPress plugin for web accessibility with over 400,000 installations. The unauthenticated flaw could allow attackers to steal sensitive database information from more than 250,000 WordPress sites using the plugin.

Read full article → https://www.bleepingcomputer.com/news/security/sql…

Relevance score: 83.0/100

# More from March 12

  1. 1
    CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed The Hacker News
  2. 2
    Medical device giant Stryker confirms cyberattack as employees say devices were wiped The Record
  3. 3
    14,000 routers are infected by malware that's highly resistant to takedowns Ars Technica Security
  4. 4
    Xygeni GitHub Action Compromised Via Tag Poison Dark Reading
  5. 5
    New PhantomRaven NPM attack wave steals dev data via 88 packages BleepingComputer
  6. 7
    Medtech giant Stryker offline after Iran-linked wiper malware attack BleepingComputer
  7. 8
    Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days The Hacker News
  8. 9
    Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials The Hacker News
  9. 10
    UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours The Hacker News