Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation



Description
The Elementor WordPress plugin could allow an authenticated user to enable Safe Mode. With Safe Mode enabled, that user could then disable plugins, including security plugins, weakening the overall security of the site.

Affects Plugin

fixed in version 2.9.6

References

URL https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability/
URL https://github.com/elementor/elementor/commit/2204e9ecb02a764e4e4fed49f28d8af7534b9392

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Original Researcher NinTechNet
Verified No
WPVDB ID 10156

Timeline

Publicly Published 2020-03-31
Added 2020-03-31
Last Updated 2020-04-01
