Arbitrary File Upload vulnerability in versions <= 3.18.1
-
H?ng Quan (luk6785 at VNPT-VCI) discovered and reported this Arbitrary File Upload vulnerability in WordPress Elementor Website Builder Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has not been known to be fixed yet.
Vulnerability link : https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_a_id=110
That’s the 6th vulnerability from 2023, 16th total since 2017 according to patchstack.com. This time severity is at the highest level as it basically allows anyone to hack any of the 5 million websites that use Elementor.
Please fix ASAP and report to vulnerability organisms in order to let them know the version that fixes the vulnerability.
The page I need help with: [log in to see the link]
- The topic ‘Arbitrary File Upload vulnerability in versions <= 3.18.1’ is closed to new replies.
