This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

Elementor 3.6.3 Automatic Update: Critical RCE Vulnerability Fixed

Updated on April 15, 2022

< 1 Min Read

On April 12th 2022, an important security update was released for the Elementor plugin to patch a critical Remote Code Execution (RCE) vulnerability. The severe security risk  allowed all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a website. You can view the security patch here.

It seems that when Elementor version 3.6.0 introduced its new onboarding module, it failed to include the necessary capabilities checks. As a result, it opened a window to attackers with malicious intentions to execute code and even take over a website.

Cloudways Managed Security Has it Handled 

Cloudways takes the security of your websites extremely seriously. As a managed hosting platform, we handle security updates for our customers. On April 13th, all websites using Elementor were automatically updated to the latest 3.6.3. secure version.

What Should I Do?

As Cloudways has already managed the automatic update of the Elementor security patch, you no longer need to worry about updating Elementor. But any other themes or plugins without backwards compatibility may break your website. You need to update them as soon as possible. We advise you to consult with the respective plugins’ authors to guide you and make the update process quicker.

While we do help our customers roll back to an older version of Elementor if required, we strongly advise against it, as this can lead potentially to greater security issues and can require even more time to restore your website. 

 

Share your opinion in the comment section. COMMENT NOW

Share This Article

Start Creating Web Apps on Managed Cloud Servers Now

Easy Web App Deployment for Agencies, Developers and E-Commerce Industry.

Marianna Siouti

Marianna Siouti is a Product Marketing Manager at Cloudways. She has over 14 years of experience in the hosting industry, in Marketing and Product. She is someone who falls in love with problems and works towards solving them with technology. You will find her working remotely from warm places, or on LinkedIn.

×

Get Our Newsletter
Be the first to get the latest updates and tutorials.

Thankyou for Subscribing Us!

×

Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!