Wordfence Security Alert: Elementor Plugin Vulnerability Dec 6th 2023

On December 6, 2023, Wordfence identified a security concern within Elementor, a widely-used WordPress plugin with almost 9 million installations. Our team observed a changelog entry for Elementor version 3.18.1, revealing a partial patch for a vulnerability we hadn’t initially discovered.Swiftly responding, we deployed a firewall rule to safeguard Wordfence Premium, Wordfence Care, and Wordfence Response users. This proactive measure aimed to secure our customers immediately. For free Wordfence users, the firewall rule will be accessible starting January 5, 2023, 30 days after the initial release.Upon closer examination, it became evident that the initial patch was not foolproof, leaving room for potential exploitation. On the same day, December 6, 2023, we reached out to the Elementor team to highlight the inadequacy of the patch. Kudos to the Elementor team for their prompt action – they swiftly addressed the issue with a comprehensive fix in version 3.18.2, released on December 8, 2023. We commend their commitment to ensuring the security of WordPress websites worldwide. Stay secure with Wordfence!

Read there full post..