Critical RCE Vulnerability Fixed in Latest Update

Critical RCE Vulnerability Fixed in Latest Elementor Update

On April 12th 2022, an important security update was released for the Elementor plugin to patch a critical Remote Code Execution (RCE) vulnerability. The severe security risk  allowed all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a website. You can view the security patch here.

It seems that when Elementor version 3.6.0 introduced its new onboarding module, it failed to include the necessary capabilities checks. As a result, it opened a window to attackers with malicious intentions to execute code and even take over a website.

Cloudways Managed Security Has it Handled 

Cloudways takes the security of your websites extremely seriously. As a managed hosting platform, we handle security updates for our customers. On April 13th, all websites using Elementor were automatically updated to the latest 3.6.3. secure version.

What Should I Do?

As Cloudways has already managed the automatic update of the Elementor security patch, you no longer need to worry about updating Elementor. But any other themes or plugins without backwards compatibility may break your website. You need to update them as soon as possible. We advise you to consult with the respective plugins’ authors to guide you and make the update process quicker.

While we do help our customers roll back to an older version of Elementor if required, we strongly advise against it, as this can lead potentially to greater security issues and can require even more time to restore your website. 


Start Creating Web Apps on Managed Cloud Servers Now

Easy Web App Deployment for Agencies, Developers and E-Commerce Industry.

Critical RCE Vulnerability Fixed in Latest Elementor Update 1

Marianna Siouti

Marianna Siouti is a Product Marketing Manager at Cloudways. She has over 14 years of experience in the hosting industry, in Marketing and Product. She is someone who falls in love with problems and works towards solving them with technology. You will find her working remotely from warm places, or on LinkedIn.


Get Our Newsletter
Be the first to get the latest updates and tutorials.

Thankyou for Subscribing Us!

Do you like what you read?

Thank you for your feedback!

Keep reading the article at The Official Cloudways Blog. The article was originally written by Marianna Siouti on 2022-04-15 03:59:01.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

Your email address will not be published. Required fields are marked *

Show Your ❤️ Love! Like Us
Scroll to Top