WordPress Elementor Plugin Remote Code Execution Vulnerability via @sejournal, @martinibuster
A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of proper security policies in a new “Onboarding” wizard feature. Missing Capability Checks The flaw in Elementor was related to what is known as […]