WordPress Elementor 3.18.1 File Upload - Remote Code Execution Vulnerabilities exploit
A high-severity vulnerability (CVE-2023-48777) has been discovered in the Elementor Website Builder plugin for WordPress, affecting all versions up to and including 3.18.1. It allows authenticated attackers with contributor-level access and above to upload files and execute code on the server via the template import functionality.

The issue stems from the handle_elementor_upload function, which saves uploaded files to a temporary directory before checking the file type and does not delete the temporary file if it fails validation.

Users are advised to update to the latest version of Elementor (3.18.2) as soon as possible to mitigate this risk. Wordfence users, including those running Wordfence Premium, Wordfence Care, and Wordfence Response, are fully protected against this vulnerability.

[View Article](https://sploitus.com/exploit?id=1337DAY-ID-39188)
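The ordering flaw described above, as an added illustration that is not Elementor's code: the function names, the allow-list and the sample upload are hypothetical and constructed for this example. The first handler writes before validating and leaves the rejected file behind; the second validates first, stores under a server-chosen name and cleans up on failure.

```php
<?php
// Added illustration; names and allow-list are hypothetical, not Elementor's code.

const ALLOWED_EXTENSIONS = ['json', 'zip']; // assumed allow-list for template imports

// Flawed ordering from the advisory: write first, validate second,
// and leave the temporary file in place when validation fails.
function save_then_validate(string $name, string $data, string $tmpDir): ?string {
    $path = $tmpDir . '/' . basename($name);
    file_put_contents($path, $data);
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null; // rejected, but $path still exists on disk
    }
    return $path;
}

// Hardened ordering: validate before touching disk, store under a random
// server-chosen name, and remove the file if the write fails.
function validate_then_save(string $name, string $data, string $tmpDir): ?string {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null; // nothing was written
    }
    $path = $tmpDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (file_put_contents($path, $data, LOCK_EX) === false) {
        @unlink($path); // do not leave a partial file behind
        return null;
    }
    return $path;
}

// Runs a handler on a constructed, disallowed upload and reports what it
// left in a scratch directory (then cleans the scratch directory up).
function leftover_files(callable $handler): array {
    $tmp = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
    mkdir($tmp, 0700);
    $handler('sample.php', 'constructed placeholder content', $tmp);
    $left = array_values(array_diff(scandir($tmp), ['.', '..']));
    array_map(fn($f) => unlink("$tmp/$f"), $left);
    rmdir($tmp);
    return $left;
}

echo 'save_then_validate leaves: ', json_encode(leftover_files('save_then_validate')), PHP_EOL;
echo 'validate_then_save leaves: ', json_encode(leftover_files('validate_then_save')), PHP_EOL;
```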