The Elementor Addon Elements plugin for WordPress has a security vulnerability in versions up to and including 1.12.7. This vulnerability makes it possible for unauthenticated attackers to enable or disable the elementor addon elements without the site administrator’s permission. This is because the plugin is missing or not correctly validating a security measure called a ‘nonce’ in the eae_save_elements function. To exploit this vulnerability, attackers would need to trick a site administrator into clicking on a malicious link.