On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code.
Elementor is one of the most popular WordPress plugins and is installed on over 5 million websites.
A patched version of the plugin, 3.6.3, was released the next day on April 12, 2022.
Update your Elementor plugin to version 3.6.3 or later immediately
