A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of proper security policies in a new “Onboarding” wizard feature.
Missing Capability Checks
The flaw in Elementor was related to what is known as Capability Checks.
A capability check is a security layer that all plugin makers are obliged to code. It verifies what permission level a logged-in user has before the plugin acts on that user's request.
For example, a person with a subscriber level permission…
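A capability check in a WordPress AJAX handler, shown without and with the check. This is an added example, not Elementor's code and not part of the original article; the plugin name, action name, nonce name and option name are hypothetical.

```php
<?php
/**
 * Plugin Name: Capability Check Demo (hypothetical example plugin)
 */

// WITHOUT a capability check. A wp_ajax_{action} hook runs for every
// logged-in user, so a subscriber reaches this handler too. The nonce only
// ties the request to the user's session; it does not establish what that
// user is allowed to do.
function demo_save_setting_unchecked() {
    check_ajax_referer( 'demo_save_setting', 'nonce' );

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'demo_setting', $value );
    wp_send_json_success();
}

// WITH a capability check. The request is rejected unless the current user
// holds a capability that matches the action being performed.
function demo_save_setting_checked() {
    check_ajax_referer( 'demo_save_setting', 'nonce' );

    // Changing a site option is an administrator-level action, so require
    // 'manage_options'. wp_send_json_error() sends the response and exits.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error(
            array( 'message' => 'Insufficient permissions.' ),
            403
        );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'demo_setting', $value );
    wp_send_json_success();
}

// Only the checked handler is registered; the unchecked one is kept above
// for comparison and is never hooked.
add_action( 'wp_ajax_demo_save_setting', 'demo_save_setting_checked' );
```

When reviewing a plugin, every handler registered on a `wp_ajax_` hook should have a `current_user_can()` call before any state change, with a capability chosen to match what the handler does.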