The Royal Elementor Addons plugin for WordPress has a security issue in versions up to and including 1.3.59. This issue can allow unauthenticated attackers to create Mega Menu templates if they can trick an administrator into clicking a link or performing some other action. The problem is due to a lack of nonce validation in the ‘wpr_create_mega_menu_template’ AJAX function.