March 2022: Critical Remote Code Execution Vulnerability in Elementor

On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code.

Elementor is one of the most popular WordPress plugins and is installed on over 5 million websites.
A patched version of the plugin, 3.6.3, was released the next day on April 12, 2022.

Update your Elementor plugin to version 3.6.3 or later immediately


  Add Comment

Confirm Submission

Please enter the text from the image in the box provided; this helps us to prevent spam.