The Critical Vulnerability in Elementor WordPress Plugin Affects Thousands of Websites

April 19, 2022
12:37 pm

A critical remote code execution vulnerability has been detected in Elementor, the leading website-building platform for WordPress, that could affect nearly 500,000 websites.

The exploitation of the vulnerability requires authentication, but it is a serious threat that anyone entering the vulnerable website, including regular subscribers, can take advantage of the vulnerability. A threat actor who creates a regular user account on an affected website can change the name and theme of the affected site to make it look completely different.

It is foreseen that an unauthenticated user may exploit the critical vulnerability in the Elementor plugin in the continuing process, too. This RCE vulnerability has been fixed in the published version of 3.6.3. To avoid being affected by attacks that can be carried out using this vulnerability, website administrators are advised to apply the latest update available for the WordPress plugin or remove the plugin entirely from the website.

The Critical Vulnerability in Elementor WordPress Plugin Affects Thousands of Websites

Share This:

Channel Partners

Become A Partner

Partner Portal Login

The Bridge Partner Program

Blog

Customer Stories

Datasheets

e-Books

Events

Glossary

Threat Intelligence Researches

Reports

Security News

Infographics

Whitepapers

Explore Our Ransomware Threats Report

Platform Overview

Brand Protection

Exposure Management

Cyber Threat Intelligence

Supply Chain Security

Technology Integrations

CONTACT US

About Us

Careers

News

Awards

Logos & Press Kit

Threat Intelligence Services

Brand Monitoring

Fraud Protection

VIP Security

Vulnerability Intelligence

Attack Surface Management

Preventing Data Leakage

Phishing Monitoring

Account Takeover Detection

Stolen Credit Cards

Dark Web Monitoring

Remediation and Takedown