The Elementor page builder plugin itself patched a similar vulnerability in February 2021. This vulnerability affects add-on plugins for Elementor that are created by third parties.

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin to install backdoors on sites.

The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites.

Hackers exploit WordPress plugin flaw that gives full control of millions of sites Elementor Pro fixed the vulnerability, but not everyone has installed the patch.

Elementor WordPress plugin vulnerability rated at 8.8/10 allows an attacker to upload malicious files and stage a remote code execution attack ...

A severe security flaw in the popular RomethemeKit For Elementor WordPress plugin has been identified and patched. The issue, which could allow Remote Code Execution (RCE), has been fixed in version 1 ...