Full title: WordPress Elementor 3.6.2 Shell Upload Exploit 
Category: web applications
Platform: php
WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this.

# 0day.today @ http://0day.today/