Description
WordPress Plugin Elementor Website Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently upload SVG files even if not allowed. WordPress Plugin Elementor Website Builder version 3.0.13 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.14 or latest
References
Related Vulnerabilities
WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.4.7)
WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)
PHP Other Vulnerability (CVE-2007-1375)
WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3)
WordPress Plugin GamePress-The Game Database Cross-Site Scripting (1.1.0)