Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High

Exploitation Level: Easy

CVSS Score: 9.9

Vulnerability: Remote code execution (RCE)

Patched Version: 3.6.3

On April 12th, an important security update was released for the Elementor plugin, patching a critical remote code execution vulnerability that allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website.

This vulnerability, identified as CVE-2022-1329, is extremely severe.

Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin at Sucuri Blog.
