search

elementor / elementor

The most advanced frontend drag & drop page builder. Create high-end, pixel perfect websites at record speeds. Any theme, any page, any design.
https://elementor.com/
GNU General Public License v3.0
6.58k stars 1.42k forks source link

malware found (Virusdie) #11046

Closed codeagencybe closed 4 years ago

codeagencybe commented 4 years ago

Hello

I started receiving notifications from Virusdie service that Elementor containers malware and needs cleaning. I checked the details, and it points specifically to elementor safe mode code.

This is happening not just one website, but so far 20+ sites are reporting the same error in Virusdie.

elementor-safe-mode.php | Not cleaned Path: /wp-content/plugins/elementor/modules/safe-mode/mu-plugin Not removed threats: WP.Elementor.CVE

I also fouñd more informaton on that threat here: https://wpvulndb.com/vulnerabilities/10156 The most websites that are being reported by Virusdie are actually already on the latest version for Elementor and pro, but the malware/threat from that specific code is still present in latest version it seems.

Is this a known issue? Or something new that recently started but not yet reported? I would like to know how to fix and patch this security issue asap please.

Thanks

EDIT

screenshot attached from Virusdie image

shilo-ey commented 4 years ago

Hi @codeagencybe

Thanks for your input.

This is not malware but a false positive detection of Elementor's Safe Mode MU Plugin.

thanks