Vulnerability Discovered in Elementor Pro < 2.9.4
https://blog.nintechnet.comNote that this affects the Elementor Pro version, not the free one from the wordpress.org repo. In versions prior to 2.9.4, there is a vulnerability that allows any logged-in user to upload and execute PHP scripts on the blog.
The issue has been fixed in Version 2.9.4 which is available now from the author’s website.