Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites.
Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly 37% of users of the plugin are on version 3.6.x.
“That means that malicious code provided by the attacker can be run by the website,” the researchers said. “In this instance, it is possible that the vulnerability might be…
More Info
