Description
WordPress Plugin Elementor Pro is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update arbitrary blog options and create administrator account. WordPress Plugin Elementor Pro version 3.11.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.11.7 or latest
References
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/
https://elementor.com/help/elementor3-11-7-security-vulnerability-resolved/
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-1240)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000395)
Apache HTTP Server Other Vulnerability (CVE-1999-0071)
WordPress Plugin Theme My Login Security Bypass (6.4.6)
WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Cross-Site Scripting (1.4.2)