Report
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Remote Code Execution via file upload in all versions up to and including 3.18.1 via the template import functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.
Score:9.9
Severity:Critical
Version:3.3.0-3.18.1
There is a patch available in v3.18.2 and we strongly recommend you update to this version as soon as possible.
