Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.
Remote Code Execution (RCE)
Elementor WordPress Plugin
- Installations: 5,000,000+
- Patched Version: 3.6.3
- Vulnerability: Remote code execution (RCE)
- Severity: Critical
- CVE: CVE-2022-1329
This critical vulnerability leverages a lack of capability checks found in vulnerable versions of the Elementor plugin.