Plugin Elementor < Vers. 3.1.2
Über 7 Millionen WordPress-Seiten nutzen Elementor, leider gibt es eine gravierende Sicherheitslücke wodurch Angreifer Schadcode einschleusen können.
Betroffen sind Versionen unterhalb 3.1.2, diese Version bzw. die aktuelle 3.1.4 sind von dieser Sicherheitslücke befreit.
Ein Update ist dringend empfohlen.
As Elementor has a contact method specifically for security reports, we were able to provide the full disclosure immediately. Elementor acknowledged the vulnerability the next day, on February 24, 2021. An initial patch was made available in version 3.1.2 on March 2, 2021. However, we recommend updating to at least Elementor version 3.1.4, the latest available at the time of this writing, as it contains additional fixes for the issue.
Wordfence Premium users received a firewall rule protecting against these vulnerabilities on February 23, 2021. Sites still running the free version of Wordfence will receive the same protection after 30 days, on March 25, 2021.
Kunden von tim-ehling.com mit aktuellem Wartungsservice haben das Update schon eingespielt bekommen.