The Elementor Addon Elements plugin for WordPress has a security vulnerability in versions up to and including version 1.11.7. This vulnerability is called Cross-Site Request Forgery. It occurs when the eae_review() and fv_download_box() functions don’t have the proper security measures in place, like a nonce validation. This means that if an unauthenticated attacker is able to trick an administrator into clicking a link, they can force unwanted actions on other users and gain administrative access.