The Royal Elementor Addons plugin for WordPress has a security vulnerability in versions up to and including 1.3.75. It is possible for unauthenticated attackers to make forged requests and trick a site administrator into clicking a link or performing an action. This happens because the plugin does not have the correct security validation for functions such as wpr_rating_dismiss_notice, wpr_rating_already_rated, and wpr_pro_features_dismiss_notice.