WordPress.Plugin.Elementor.PHP.Remote.Code.Execution
Description
This indicates an attack attempt against an Remote Code Execution vulnerability in WordPress The Elementor Website Builder plugin.
The vulnerability is caused by improper handling of a crafted plugin upload. An authenticated remote attacker may be able to exploit this to execute arbitrary remote code within the context of the application, via a malicious HTTP request.
Affected Products
WordPress The Elementor Website Builder plugin version 3.6.0 to version 3.6.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2022-10-17 | 22.414 | Sig Added |
2022-05-26 | 20.322 | Default_action:pass:drop |
2022-05-16 | 20.316 |