Elementor Pro – Vulnérabilité de sécurité

Elementor Pro – Vulnérabilité de sécurité

Dear Elementor Pro users,

We are writing to let you know about a security vulnerability of Elementor Pro that was recently discovered and is now fixed following the release of version 2.9.4 on May 7th, at 11:30 EST.

In some cases, the vulnerability allows malicious files to be uploaded to the site via the Icon Sets Zip file uploading system. We want to emphasize that this loophole only affects Elementor Pro sites that allow new users to register independently.

As mentioned, we have now released a new version of Elementor Pro which resolves this vulnerability with two main fixes:

  1. Only Administrator role users can upload Icon Sets.
  2. Only authorized files can be processed via a ZIP file.

We strongly recommend that you update your current Elementor Pro version to the new 2.9.4 version.

We will continue to work around the clock to identify and address any security threats to assure the safety of your websites.

For more information about this issue, please visit our FAQ.

The Elementor Team

Jean-Francois Ranger

Un peu geek, mais totalement sociable, je développe des sites Internet depuis plus de 20 ans. C’est donc dire que j’ai vu passer plusieurs courants et assisté à la naissance et à la mort de nombreuses technologies. Perfectionniste de nature, j’ai développé il y a plusieurs années mon propre gestionnaire de contenu, car les applications sur le marché n’apportaient pas la convivialité souhaitée. Aujourd’hui, je surfe sur la tendance et intègre 90 % des sites que je développe au gestionnaire de contenu WordPress.