uruburu

Hello.

We have Royal Elementor Addons 1.7.1 installed. However The wordpress toolkit still flags it as vulnerable.
CriticalWordpress Royal Elementor Addons and Templates plugin <= 1.3.78 & 1.4.78 – Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Fioravante

Sources: https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-78-unauthenticated-arbitrary-file-upload-vulnerability?_a_id=110

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1378-unauthenticated-arbitrary-file-upload

Best regards,

Also the same here. When will there be an upgrade to safer version available?

Hello Rusell,

I think it is not possible to roll back due to the recently discovered vulnerabilty
in previous versions. See https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/