WordPress Elementor plugin <= 3.18.3 – Authenticated Stored Cross-Site Scripting via get_image_alt vulnerability
Wesley (wcraft) identified and brought to attention a Cross Site Scripting (XSS) vulnerability present in the WordPress Elementor Website Builder Plugin. Exploiting this flaw could empower a malicious actor to insert harmful scripts, such as redirects, advertisements, and various HTML payloads, into your website. These scripts would then be executed when visitors access your site. The identified vulnerability has been addressed and resolved in version 3.19.0.
Solution
Update the WordPress Elementor Website Builder plugin to the latest available version (at least 3.19.0).
To get regular updates and more features, upgrade to Elementor Pro.
Not sure how to update your plugins?
We are here to do this on a regular basis. Explore our WordPress Website Maintenance service to know we will ease the process for you.