Description The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_inline_svg function in all versions up to, and including, 3.16.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read arbitrary attachment files.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 3.16.5 |