CVE-2023-48777

Name of the Vulnerable Software and Affected Versions Elementor Website Builder versions 3.3.0 through 3.18.1

Description The issue is related to an unrestricted upload of files with dangerous types in Elementor Website Builder. This problem is estimated to affect around 5 million websites. The vulnerability allows for the upload of malicious files, potentially leading to security breaches.

Recommendations For Elementor Website Builder versions 3.3.0 through 3.18.1, update to a version later than 3.18.1 to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary and trusted sources until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation. Avoid using the file upload feature in the affected API endpoints until the issue is resolved.