Description
WordPress Plugin Essential Addons for Elementor is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Essential Addons for Elementor version 2.9.8 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress 4.8.x Cross-Site Request Forgery (4.8 - 4.8.8)
WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2)
WordPress Plugin WP Realtime Sitemap Multiple Unspecified Vulnerabilities (1.5.5)
WordPress Plugin Efence Multiple Cross-Site Scripting Vulnerabilities (1.3.2)
WordPress Plugin WP Editor Multiple Vulnerabilities (1.2.5.3)