⚠️ Security update: Elementor lower than 3.19 Vulnerability Allows Attackers to Delete Files and Inject PHP Code

Updates / By / February 16, 2024

Hi guys, this blog update concerns a newly discovered vulnerability affecting the Elementor plugin up to version 3.19.0.

The vulnerability

A security vulnerability in Elementor versions up to 3.19.0 could allow attackers to delete files and inject PHP code into a website. The vulnerability is due to insufficient path validation on a parameter.

Attackers can exploit this vulnerability to upload a malicious PHP file to a website. Once the file is uploaded, the attacker can execute it to delete files or inject malicious code into the website.

The vulnerability was patched in Elementor version 3.19.1. If you are using Elementor, it is important to update to the latest version as soon as possible.

Here are the steps on how to update Elementor:

  • Log in to your WordPress dashboard.
  • Navigate to Pro Radio Admin and click “Refresh license” then Install Plugins
  • Select all plugins and update (make sure also Pro Radio is up to date)

How to stay safe

By any means, we recommend to take those 5 actions in order to prevent any possible issue:

  1. Make a backup of your website, using Softaculous, or by using any plugin as Duplicator or similar. Remember that our theme makes just a theme backup, it doesn’t include database or medias.
  2. Make sure to update Elementor to the latest version.
  3. If you don’t have WordFence installed yet, make sure to install it, and also, we recommend enabling 2FA and disabling XMLRPC.
  4. make sure your users with provilege Contributor or above, are using a strong and unique password
  5. Make sure you are using the latest Pro Radio theme version 6.0 and the latest version of the plugins (how to update Pro Radio theme and plugins)

If you take those actions, you can feel pretty safe.

Additional tip

We noticed that many people still use “admin” as username, or the name of the website, make sure to NOT use “admin” as you user or anything similar or the name of hthe domain.

My Pro Radio support is expired, what can I do?

No worries, just get in touch and we will help! you can always reactivate your Support and Updates!

Related Posts