The AnyWhere Elementor plugin for WordPress has a security vulnerability that could expose private or draft posts created by Elementor. This can be done by authenticated attackers with Contributor-level access or higher, using the ‘INSERT_ELEMENTOR’ shortcode. This vulnerability exists in all versions up to and including 1.2.11.