QID 730450
Date Published: 2022-04-21
QID 730450: WordPress Plugin Elementor Remote Code Execution (RCE) Vulnerability
Elementor is the leading website building platform for WordPress, enabling web creators to build professional, pixel-perfect websites with an intuitive visual builder.
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution
Affected Versions:
Elementor plugin versions from 3.6.0 to 3.6.2.
QID Detection Logic:(Unauthenticated)
This unauthenticated detection depends on the BlindElephant engine to detect the vulnerable version of the Elementor plugin.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on the target system.
- Elementor Release Notes -
wordpress.org/plugins/elementor/advanced/
CVEs related to QID 730450
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Elementor Release Notes |
|