Description
WordPress Plugin Elementor Website Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently import/export content which may lead to potentially complete site compromise. WordPress Plugin Elementor Website Builder version 1.7.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
http://www.pritect.net/blog/elementor-page-builder-1-8-allows-logged-users-unrestricted-editing
https://plugins.svn.wordpress.org/elementor/trunk/readme.txt
Related Vulnerabilities
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-18679)
PostgreSQL Numeric Errors Vulnerability (CVE-2014-0064)
WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9)
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-5045)
Oracle Application Server CVE-2006-0275 Vulnerability (CVE-2006-0275)