A vulnerability to an authenticated remote code execution flaw, which could allow attackers to run malicious code in a website has been discovered in the Elementor WordPress website builder plugin. Elementor has over five million active installations. A security patch to fix the issue has now been applied to the new 3.6.3 version of Elementor.