• Hi. The plugin had worked well until now for uploading to Elementor. Since around May 5th, a trojan has been uploaded directly to the server in uploads in all projects where I have installed the plugin, although on some sites I don’t show the upload field on the page.
    kuechengegenangebot/wp-content/uploads/elementor/forms/0/temp/file/1.php
    digibuch/wp-content/uploads/elementor/forms/0/temp/file/1.php

  • Hello, it’s because there is no authentication check in the upload process in version <=1.7.15.
    Add this code at line statklarDropZoneUploadProcess.php:21 (using the last version):

    if(!isset($admin_mode) || $admin_mode!=1) return;

    The content should be:

    ....
            if (in_array('administrator', $user->roles)) {
                $admin_mode = 1;
            }
            if(!isset($admin_mode) || $admin_mode!=1) return;
    
            if (!isset($_FILES["file"]) && !isset($_POST["mode"])) {
                die(__("There is no file to upload.", "startklar-elmentor-forms-extwidgets"));
            }
    ....

  • The topic ‘anti-virus scanner detected that a malicious file had been loaded onto server’ is closed to new replies.
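
To check other sites for files like the ones reported in this thread, the following added example (not part of the thread or of the plugin's code) sweeps an uploads directory for anything a PHP handler could execute. The extension list, the content markers and the function names are assumptions, and the sample tree is constructed to mirror the path layout quoted above.

```python
import os
import sys

# Extensions a PHP handler is commonly configured to execute (assumed list; match your server).
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}
PHP_MARKERS = (b"<?php", b"<?=")


def classify(path, head_bytes=4096):
    """Return why a file looks like server-side script, or None if it does not."""
    name = os.path.basename(path).lower()
    # Test every dot-separated suffix so double extensions such as "x.php.jpg" are caught.
    suffixes = {"." + part for part in name.split(".")[1:]}
    if suffixes & SCRIPT_EXTS:
        return "script extension"
    try:
        with open(path, "rb") as fh:
            head = fh.read(head_bytes)
    except OSError:
        return "unreadable"  # surfaced for manual review rather than silently skipped
    if any(marker in head for marker in PHP_MARKERS):
        return "PHP open tag in content"
    return None


def scan_uploads(root):
    """Walk an uploads directory and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample data mirroring the directory layout quoted in the report."""
    temp_dir = os.path.join(base, "elementor", "forms", "0", "temp", "file")
    os.makedirs(temp_dir)
    samples = {"1.php": b"<?php /* constructed placeholder */",
               "photo.jpg": b"\xff\xd8\xff\xe0constructed",
               "notes.txt": b"constructed <?php /* tag hidden in a .txt */"}
    for fname, data in samples.items():
        with open(os.path.join(temp_dir, fname), "wb") as fh:
            fh.write(data)
    return temp_dir


if __name__ == "__main__":
    for rel, why in scan_uploads(sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"):
        print(f"{why}\t{rel}")
```

Run it with the site's `wp-content/uploads` path as the only argument; each finding is printed as reason and relative path for manual review.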