CVE-2022-1329: 
WordPress vulnerability analysis and mitigation

The Elementor Website Builder plugin for WordPress (versions 3.6.0 to 3.6.2) was found to contain a critical remote code execution vulnerability (CVE-2022-1329) discovered in March 2022. The vulnerability stems from a missing capability check in the ~/core/app/modules/onboarding/module.php file, which allowed unauthorized execution of several AJAX actions (Wordfence Blog).

The vulnerability exists due to improper authorization checks in the Onboarding module of the plugin. The flaw allows authenticated users with subscriber-level access to execute AJAX actions through the admininit hook. The critical issue lies in the uploadandinstallpro() function, which permits the upload and installation of arbitrary plugin files without proper capability verification. The vulnerability has been assigned a CVSS score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability enables attackers to modify site data and upload malicious files that can be used to achieve remote code execution on the affected WordPress sites. With over 5 million active installations of the Elementor plugin, the potential impact of this vulnerability was significant (Plugin Vulnerabilities).

The vulnerability was patched in Elementor version 3.6.3, which implemented proper capability checks and improved controls sanitization in the Onboarding wizard. Users are strongly advised to update to this version or later to protect their websites from potential exploitation (Packet Storm).