PSA: High Severity File Upload Vulnerability in Elementor Patched

On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing the changelog containing a partial patch. We immediately released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers. The firewall rule will be made available to free Wordfence users 30 days later, on January 5, 2023.

This post was originally published on Wordfence by Ram Gall.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.