HEX
Server: Apache
System: Linux efa57bbe-abb1-400d-2985-3b056fbc2701.secureserver.net 6.1.147-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jul 24 12:33:32 EDT 2025 x86_64
User: root (0)
PHP: 8.0.30.4
Disabled: NONE
$ pwd: /var/www/wp-content/mu-plugins/
Upload Files
File: //var/www/wp-content/mu-plugins/elementor-pro-patch.php
<?php
/*
Plugin Name: elementor-pro-security-patch
Description: Plugin Patch that resolves the vulnerability to redirect visitors to malicious domains or upload backdoors to the breached site.
Version: 1.0.0
*/

function patch_update_option() {
    $requests = [];

    if ( ! empty( $_REQUEST['actions'] ) ) {
        $requests = json_decode( wp_unslash( $_REQUEST['actions'] ), true );
    }

    foreach ( $requests as $id => $action_data ) {
        if (  $action_data['action'] == "pro_woocommerce_update_page_option" ) {
            $is_admin = current_user_can( 'manage_options' );
            $is_shop_manager = current_user_can( 'manage_woocommerce' );
            $is_allowed = $is_admin || $is_shop_manager;

            if ( ! $is_allowed ) {
                exit;
            }
        }
    }
}
add_action('wp_ajax_elementor_ajax', 'patch_update_option');
@ Telegram