Written by Editorial Team on May 8, 2020

Critical Zero-Day Vulnerability In Elementor Page Builder Pro Plugin

We hate to break this to you, but a new critical zero-day vulnerability was found in the famous Elementor Page Builder Pro plugin (source). The vulnerability allows an attacker to upload an arbitrary file, which could lead to remote code execution.

Apart from that, this new vulnerability is actively exploited and Element Pro users are urged to update their Elementor Pro plugin immediately. At this point of writing, Elementor Pro plugin had been updated to version 2.9.4 which is free from the exploit.

Here are some information about the vulnerability in Elementor Page Builder Pro plugin:

  • The vulnerability affects versions before 2.9.4
  • The affected file is modules/assets-manager/asset-types/icons/custom-icons.php.
  • More details of the vulnerability can be found here:

Threats found on your website may leads to SEO results degradation in Search Engine Results Page (SERP), blacklist or other sanctions. Therefore, it is extremely important to update your Elementor Pro plugin right now.

Article written by Editorial Team

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts