CVE-2023-48777: Elementor Exposed 5 Million Websites to Hackers
A critical security vulnerability, CVE-2023-48777, was found in versions 3.3.0 through 3.18.1 of the Elementor Website Builder plugin for WordPress, which is used by nearly 9 million websites worldwide. The vulnerability allows authenticated accounts with edit post permissions to upload arbitrary files, including PHP files, that could enable remote code execution. Though the vulnerability requires at least Contributor-level access to exploit, limiting the number of impacted websites, users are still strongly urged to update to version 3.18.2 or later immediately. The issue was first discovered by security researcher Hồng Quân, then reported to and patched by Elementor after being reviewed by Wordfence.
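To audit installations against the affected range given above (3.3.0 through 3.18.1, fixed in 3.18.2), the following added example, which is not code from Elementor or Wordfence, classifies a site from the "Version:" line of the standard WordPress plugin header. It assumes the header text has already been read from the plugin's main file (assumed here to be wp-content/plugins/elementor/elementor.php); the function names are hypothetical and the sample headers are constructed.

```python
import re

# Range and fixed release as stated in the advisory text above.
FIRST_AFFECTED = (3, 3, 0)
LAST_AFFECTED = (3, 18, 1)

# Standard WordPress plugin header line, e.g. " * Version: 3.18.1"
VERSION_LINE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def parse_version(header_text):
    """Return ((major, minor, patch), has_suffix), or None if no usable header."""
    m = VERSION_LINE.search(header_text)
    if not m:
        return None
    raw = m.group(1)
    core = re.match(r"\d+(?:\.\d+)*", raw)
    if not core:
        return None
    parts = [int(p) for p in core.group(0).split(".")][:3]
    parts += [0] * (3 - len(parts))          # "3.18" -> (3, 18, 0)
    return tuple(parts), core.group(0) != raw


def classify(header_text):
    """Map a plugin header to: affected, patched, not_affected or unknown."""
    parsed = parse_version(header_text)
    if parsed is None:
        return "unknown"
    version, has_suffix = parsed
    if version < FIRST_AFFECTED:
        return "not_affected"
    if version <= LAST_AFFECTED:
        return "affected"
    # Above the range: only a plain release number is taken as patched; a
    # build such as "3.18.2-beta1" is left for manual review.
    return "unknown" if has_suffix else "patched"


def audit(headers_by_site):
    """Return {site: status} for a mapping of site name -> header text."""
    return {site: classify(text) for site, text in headers_by_site.items()}


if __name__ == "__main__":
    # Constructed sample headers, not taken from real sites.
    template = "<?php\n/**\n * Plugin Name: Elementor\n * Version: {}\n */\n"
    sample = {f"site-{v}": template.format(v) for v in ("3.2.5", "3.18.1", "3.18.2")}
    for site, status in audit(sample).items():
        print(site, status)
```

Sites reported as "affected" that also allow Contributor-level or higher accounts are the ones to update first, since the page states that level of access is required.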