The vulnerability enables users with editing privileges to list logins and passwords of the website’s authors. Please note, this information is encrypted and requires that a malicious actor have editing access to your website, as well as an intention and ability to decrypt this information. Our latest update, Elementor Pro 3.19.3 (or 3.21.0-cloud 1 for hosted websites), launched on February 22, 2024 puts this worry to rest.
Does this concern me?
If your site might have unknown or potentially malicious users with editing privileges, this update is crucial for you.
What should I do next?
Update to the latest version of Elementor. In general, it is recommended to always keep your website plugins up to date, as this can reduce the likelihood of security and incompatibility issues.
Elementor’s Bug Bounty Program
This is also a good opportunity to remind you that we welcome ethical disclosures as part of our publicly available Bug Bounty program (bugcrowd.com/elementor). We’re inviting our community to be rewarded for uncovering issues and potential risks to Elementor, helping us to enhance our security posture and continue to empower web creators with the best web creation platform.
Bug Bounty Program: https://elemn.to/bug-bounty
If you need additional assistance, you can reach out to support by going to your account’s dashboard and opening a ticket.