WP Security Alert: Elementor Plugin

WP Security Alert:
Elementor Plugin < Version 3.1.2

More than 7 million WordPress sites use Elementor. Unfortunately, it contains a serious security vulnerability that allows attackers to inject malicious code.

Versions below 3.1.2 are affected; that version and the current 3.1.4 are free of this vulnerability.

Updating is strongly recommended.

Original advisory:

On February 23, 2021, the Wordfence Threat Intelligence team responsibly disclosed a set of stored Cross-Site Scripting vulnerabilities in Elementor, a WordPress plugin which “is now actively installed and used on more than 7M websites” according to a recent announcement on the Elementor blog. These vulnerabilities allowed any user able to access the Elementor editor, including contributors, to add JavaScript to posts. This JavaScript would be executed if the post was viewed, edited, or previewed by any other site user, and could be used to take over a site if the victim was an administrator.
As Elementor has a contact method specifically for security reports, we were able to provide the full disclosure immediately. Elementor acknowledged the vulnerability the next day, on February 24, 2021. An initial patch was made available in version 3.1.2 on March 2, 2021. However, we recommend updating to at least Elementor version 3.1.4, the latest available at the time of this writing, as it contains additional fixes for the issue.
Wordfence Premium users received a firewall rule protecting against these vulnerabilities on February 23, 2021. Sites still running the free version of Wordfence will receive the same protection after 30 days, on March 25, 2021.

https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/

Customers of tim-ehling.com with an active maintenance service have already had the update installed.
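
To check several installs at once against the version thresholds named above, the following added example (not code from Wordfence or Elementor) reads the plugin header and classifies each install. It assumes the standard path `wp-content/plugins/elementor/elementor.php` and the usual WordPress `Version:` header line; the status labels and the sample header are constructed for illustration.

```python
"""Flag Elementor installs below the versions named in the advisory."""
import re
import sys
from pathlib import Path

FIRST_PATCH = (3, 1, 2)  # initial patch release, per the advisory
RECOMMENDED = (3, 1, 4)  # minimum version the advisory recommends

# WordPress takes the plugin version from the "Version:" line of the header
# comment; anchoring at line start skips lines like "Requires at least:".
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)
# Assumed standard layout of a WordPress install (not stated on the page).
MAIN_FILE = "wp-content/plugins/elementor/elementor.php"

# Constructed sample header, not copied from a real release.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Elementor
 * Version: 3.1.1
 */
"""

def parse_version(text):
    """Return (major, minor, patch) or None; suffixes such as -beta1 are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(header_text):
    """Map plugin header text to vulnerable / update-recommended / ok / unknown."""
    m = HEADER_RE.search(header_text)
    version = parse_version(m.group(1)) if m else None
    if version is None:
        return "unknown"  # no readable header: inspect by hand
    if version < FIRST_PATCH:
        return "vulnerable"
    if version < RECOMMENDED:
        return "update-recommended"
    return "ok"

def audit(root):
    """Return (path, status) for each Elementor main file found below root."""
    found = sorted(Path(root).rglob(MAIN_FILE))
    # Only the top of the file matters, so 8192 characters is plenty.
    return [(str(f), classify(f.read_text(errors="replace")[:8192])) for f in found]

if __name__ == "__main__":
    print("sample:", classify(SAMPLE_HEADER))
    for root in sys.argv[1:]:
        for path, status in audit(root):
            print(f"{status:20} {path}")
```

Pass one or more directories that contain WordPress installs as arguments; anything reported as `vulnerable` or `update-recommended` should be updated to at least 3.1.4.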
