Update the WordPress Elementor Website Builder plugin to the latest available version (at least 3.6.3).
Ramuel Gall (Wordfence) discovered and reported this Arbitrary File Upload vulnerability in WordPress Elementor Website Builder Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 3.6.3.
Unauthenticated DOMbased Reflected CrossSite Scripting (XSS) vulnerability
13.06.2022
DOM CrossSite Scripting (XSS) vulnerability
20.10.2021
Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities
17.03.2021
Unrestricted SVG Uploads vulnerability
25.11.2020
Authenticated Stored CrossSite Scripting (XSS) vulnerability
02.09.2020