SQLi Flaw in Elementor Ally Plugin Impacts Over 250,000 WordPress Sites

An SQL injection (SQLi) vulnerability was identified in the Ally plugin, a WordPress extension developed by Elementor for web accessibility and usability, affecting over 250,000 active installations. The flaw could be exploited by unauthenticated attackers to steal sensitive data from vulnerable websites. The plugin has more than 400,000 total installations, though the exact number of impacted sites is estimated at 250,000-plus. No specific CVE ID, patch release date, or exploitation timeline was provided in the report. The vulnerability poses a risk of unauthorized data extraction without requiring authentication.