via pluginvulnerabilities.com => original post link
Patchstack claims there had been an authenticated remote code execution (RCE) vulnerability in the WordPress plugin Dynamic Content for Elementor, which at least one of our customers started using recently. Trying to figure out what is going on there showed the difficultly of trying to vet vulnerability claims in WordPress plugins.
In trying to figure out what was going on, we tried visiting the two links included in Patchstack’s information. Both the links are broken. Looking at an archived copy of one of them, a changelog for the plugin, it doesn’t make any mention of a security fix in the version Patchstack claims fixes this. Here is what is listed for that version: [Read more]