Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High

Exploitation Level: Easy

CVSS Score: 9.9

Vulnerability: Remote code execution (RCE)

Patched Version: 3.6.3

On April 12th, an important security update was released for the Elementor plugin, patching a critical remote code execution vulnerability that allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website.

This vulnerability, identified as CVE-2022-1329, is extremely severe.

Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin at Sucuri Blog.
