Description
WordPress Plugin Events Widgets For Elementor And The Events Calendar is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Events Widgets For Elementor And The Events Calendar version 1.4.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.5 or latest
References
Related Vulnerabilities
WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)
TYPO3 Improper Input Validation Vulnerability (CVE-2013-4250)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2642)
WordPress Plugin Kadence WooCommerce Email Designer PHP Object Injection (1.5.6)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7061)