Wordpress
April 14, 2022

Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High

Exploitation Level: Easy

CVSS Score: 9.9

Vulnerability: Remote code execution (RCE)

Patched Version: 3.6.3

On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website.

This vulnerability, identified as CVE-2022-1329, is extremely severe.

Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

2 Million Users Affected by Vulnerability in All in One SEO Pack

On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin…

Read Story
Wordpress
July 16, 2020

SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000,…

Read Story
Wordpress
March 19, 2024

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)

Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to…

Read Story
Wordpress
August 17, 2023

Emergency WordPress Help

One of our techs will get back to you within minutes.