WordPress Elementor Website Builder Plugin vulnerable to Critical RCE Flaw


Elementor is the leading website builder platform for professionals on WordPress, with over five million active installations. It serves web professionals, including developers, designers, and marketers, and boasts a new website created every 10 seconds on its platform. Recently, an authenticated remote code execution (RCE) vulnerability was found in the latest plugin version that allows an attacker to take over the affected website: an authenticated attacker can upload an arbitrary file, potentially leading to code execution.

Plugin Vulnerabilities disclosed a bug introduced in version 3.6.0, released on March 22, 2022; roughly 37% of the plugin's users were on that version. The bug allows any authenticated user, regardless of their authorization level, to change the site title and site logo, switch the theme to Elementor's theme, and upload arbitrary files to the site. The provider advised users to update the plugin as soon as possible to mitigate further risk.

Elementor helps web designers turn design visions into professional websites, accelerate and innovate website development, and make an online business shine and grow its audience. With the live drag & drop editor and 90+ widgets with total customization freedom, zero coding is required to create a flawless website with custom positions, padding, margins, and global settings for colors & typographies. The platform helps create unlimited web creations, from landing pages and eCommerce stores to full-blown websites. Designers use it to create unique & consistent website designs using advanced animations, a custom templates library, global design settings, custom CSS, responsive layouts, and more for Business & Services, Portfolio & CV, Creative, eCommerce, Events & Entertainment, Landing Pages, Media & Blogs, and Health & Wellness.
