A Case Study on the Royal Elementor Plugin Zero-Day


WordPress is a popular platform for building websites, but it’s not without its risks. One such risk recently came to light with a zero-day vulnerability in the Royal Elementor Addons and Templates plugin. This plugin, developed by WP Royal, has over 200,000 active installations and is widely used for website building without any coding experience. The vulnerability was so severe that it received a CVSS score of 9.8, making it a critical issue.

The Zero-Day Exploit

The vulnerability, tracked as CVE-2023-5360, allowed unauthenticated attackers to upload arbitrary files to vulnerable sites, leading to remote code execution. The flaw was exploited in malicious attacks since at least August 30, 2023. Security firms observed more than 46,000 attacks attempting to exploit this vulnerability, with an increase in activity observed on October 3, 2023. Most attacks aimed to deploy specific files on the target sites to create a malicious administrator account.

Why Regular Updates Are Crucial

The Royal Elementor plugin’s vulnerability was patched in version 1.3.79, released on October 6, 2023. However, updating the plugin alone won’t remove existing infections or malicious files, emphasizing the need for regular updates and thorough website cleanups.

The Importance of Professional Management

Managing a WordPress site is not just about creating content; it’s also about ensuring that the site is secure. This is where professionals like Da Hawaii Website Guy come in. With expert knowledge in WordPress management, including updates and security measures, you can ensure that your website remains secure against such vulnerabilities.

Backups: Your Safety Net

In addition to regular updates, backups are crucial. They act as a safety net, allowing you to restore your website to a previous state in case of any issues. This is particularly important when dealing with zero-day vulnerabilities, where an immediate fix may not be available.


The Royal Elementor zero-day vulnerability serves as a stark reminder of the importance of regular updates, professional management, and backups in maintaining a secure WordPress site. Don’t leave your website’s security to chance; hire a professional like Da Hawaii Website Guy to take care of it for you.