Critical RCE Vulnerability in Elementor WordPress Plugin


On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website.

This vulnerability, identified as CVE-2022-1329, is extremely severe. With over 5 million active installations of Elementor at the time of writing, a significant number of websites are impacted.

WordPress websites using the Elementor plugin should patch immediately. Sucuri web application firewall users are protected from this issue.

Read more…