Description
WordPress Plugin Elementor Website Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently import/export content which may lead to potentially complete site compromise. WordPress Plugin Elementor Website Builder version 1.7.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
http://www.pritect.net/blog/elementor-page-builder-1-8-allows-logged-users-unrestricted-editing
https://plugins.svn.wordpress.org/elementor/trunk/readme.txt
Related Vulnerabilities
Joomla! Core 3.7.0 SQL Injection (3.7.0)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.12)
MySQL CVE-2020-2759 Vulnerability (CVE-2020-2759)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)