The widely popular WordPress website builder plugin Elementor, which has over 5 million active installations, has recently released version 3.6.3 which contains an important security fix.
This vulnerability could allow any authenticated user, regardless of their authorization, to change the site title, site logo, change the theme to Elementor’s theme, and worst of all, upload arbitrary files to the site.
The arbitrary file upload vulnerability could allow someone to take over the entire site or perform remote code execution (RCE). Critical vulnerability fixed in elementor Wordpress plugin 3.6.3
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer