Update the WordPress Elementor Website Builder plugin to the latest available version (at least 3.6.3).
Ramuel Gall (Wordfence) discovered and reported this Arbitrary File Upload vulnerability in WordPress Elementor Website Builder Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 3.6.3.
Unauthenticated DOMbased Reflected CrossSite Scripting (XSS) vulnerability
DOM CrossSite Scripting (XSS) vulnerability
Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities
Unrestricted SVG Uploads vulnerability
Authenticated Stored CrossSite Scripting (XSS) vulnerability