Security Risk: High
Exploitation Level: Easy
CVSS Score: 9.9
Vulnerability: Remote code execution (RCE)
Patched Version: 3.6.3
On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website.
This vulnerability, identified as CVE-2022-1329, is extremely severe.