A critical RCE flaw identified in the Elementor WordPress plugin could 500k or more sites. its critical severity is given by the fact that anyone logged into the vulnerable website can exploit it, including regular subscribers. A threat actor creating a normal user account on an affected website could change the name and theme of the affected site making it look entirely different. Plugin Vulnerabilities has also published a proof of concept (PoC) to prove the exploitability, increasing the risk of vulnerable websites to be compromised.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.