2 matches found
CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO...
CVE-2020-26596
CVE-2020-26596 affects the Dynamic OOO widget in Elementor Pro for WordPress up to version 3.0.5. It permits remote authenticated users with the Editor role to upload executable PHP code via the PHP Raw snippet, enabling arbitrary code execution. Mitigation suggested in the description is to remo...