Critical Remote Code Execution Vulnerability in Elementor

On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code. Elementor is one of the most popular WordPress plugins and is installed on over 5 million websites.

We sent our disclosure to the official Elementor security contact email address on March 29, and followed up on April 5, 2022. As we did not receive a response by April 11, 2022, we sent the disclosure to the WordPress plugins team. A patched version of the plugin, 3.6.3, was released the next day on April 12, 2022.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule protecting against this issue on March 29, 2022. Sites still running the free version of Wordfence will receive the same protection 30 days later, on April 28, 2022.
