From blog.sucuri.net
![](https://blog.sucuri.net/wp-content/uploads/2022/04/BlogPost_FeatureImage_1490x700_ELEMENTOR-745x350.jpg)
On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website.
This vulnerability, identified as CVE-2022-1329, is extremely severe. With over 5 million active installations of Elementor at the time of writing, a significant number of websites are impacted.
WordPress websites using the Elementor plugin should patch immediately. Sucuri web application firewall users are protected from this issue.