Description
WordPress Plugin Cryptocurrency Widgets For Elementor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Cryptocurrency Widgets For Elementor version 1.2.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3 or latest
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.svn.wordpress.org/cryptocurrency-widgets-for-elementor/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)
IBM WebSEAL Missing Authorization Vulnerability (CVE-2020-4499)
Varnish Cache Other Vulnerability (CVE-2015-8852)
WordPress Plugin Amelia-Events & Appointments Booking Calendar Cross-Site Scripting (1.0.46)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.32)