Description
WordPress Plugin Elementor Pro is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update arbitrary blog options and create administrator account. WordPress Plugin Elementor Pro version 3.11.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.11.7 or latest
References
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/
https://elementor.com/help/elementor3-11-7-security-vulnerability-resolved/
Related Vulnerabilities
WordPress 'paged' Parameter SQL Injection Vulnerability (2.0.2 - 2.0.5)
WebLogic Observable Discrepancy Vulnerability (CVE-2019-3739)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4718)
Oracle Database Server CVE-2006-5336 Vulnerability (CVE-2006-5336)
WordPress Plugin smart Archive Page Remove Unspecified Vulnerability (3)