Save the page. The script will execute in the browser of any user who clicks the link or views the page in the editor. Remediation

Deploy a WAF rule to block requests containing PHP_VALUE or PHP_ADMIN_VALUE in query strings or headers.

If you find references to php 5416 in your logs or discovered a suspicious GitHub scanner running against your IP, execute the following immediately:

: Users should immediately update the Elementor plugin to version 3.23.5 or later .

PHP 5.4.16 is an outdated version of PHP, and like many older versions, it has known vulnerabilities. One notable vulnerability is the "Remote Code Execution" (RCE) vulnerability, which allows an attacker to execute arbitrary code on the server.