Elementor is Still Providing Access to Security Nonces to WordPress Users Who Shouldn’t Have Them

via pluginvulnerabilities.com (original post)

We are currently in the process of reviewing a partially disclosed possible vulnerability in a 200,000+ install WordPress plugin that extends the 5+ million install plugin Elementor. One issue we found with the possible vulnerability is that the developer is failing to properly limit access to functionality in the plugin, and is instead relying solely on a nonce to limit access to only the intended WordPress users. WordPress documentation for nonces clearly states that this shouldn't be done:

Nonces should never be relied on for authentication, authorization, or access control. Protect your functions using current_user_can(), and always assume nonces can be compromised. [Read more]
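The pattern the documentation warns about, and the fix it recommends, side by side as an added PHP example. This is not code from Elementor, from the extension plugin under review, or from the original post; the AJAX action name `acme_save_template`, the option `acme_template` and the capability `edit_posts` are hypothetical choices for illustration. The point it shows: `check_ajax_referer()` only proves that a request came deliberately from the current user's own session (CSRF protection), so any role that can obtain the nonce passes it; `current_user_can()` is what decides whether that user may perform the action at all.

```php
<?php
/*
 * Added example (not code from Elementor, the extension plugin, or the original post).
 * Hypothetical AJAX endpoint "acme_save_template"; the option name and the
 * 'edit_posts' capability are assumptions chosen for illustration.
 */

// --- Weak pattern: the nonce is the only gate (shown for contrast, not hooked) ---
// Every logged-in role that can get hold of the nonce, e.g. because the plugin
// prints it into pages via wp_localize_script(), reaches this code, even though
// it is meant only for users allowed to edit content.
function acme_save_template_weak() {
    check_ajax_referer( 'acme_save_template', 'nonce' ); // CSRF protection, nothing more

    update_option( 'acme_template', wp_kses_post( wp_unslash( $_POST['template'] ?? '' ) ) );
    wp_send_json_success();
}

// --- Hardened pattern: nonce for CSRF, capability for authorization -------------
function acme_save_template_hardened() {
    // 1. Nonce: the request was made deliberately from this user's session.
    //    Passing false as the third argument returns false instead of dying,
    //    so the handler controls the response.
    if ( ! check_ajax_referer( 'acme_save_template', 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }

    // 2. Capability: this user is actually allowed to perform the action.
    //    This is the check the nonce cannot replace.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Only now handle the input.
    $template = wp_kses_post( wp_unslash( $_POST['template'] ?? '' ) );
    update_option( 'acme_template', $template );
    wp_send_json_success();
}

// Register the hardened handler for logged-in users only; no wp_ajax_nopriv_
// hook, because anonymous visitors have no reason to call it.
add_action( 'wp_ajax_acme_save_template', 'acme_save_template_hardened' );

// Defence in depth: issue the nonce only on admin pages and only to users who
// hold the capability, so it is not handed to every logged-in account.
function acme_enqueue_admin_script( $hook ) {
    if ( ! current_user_can( 'edit_posts' ) ) {
        return;
    }
    wp_enqueue_script( 'acme-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'acme-admin', 'acmeAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'acme_save_template' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'acme_enqueue_admin_script' );
```

Limiting where the nonce is printed (the last function) narrows exposure but is not the fix: `wp_ajax_*` hooks fire for every logged-in role, and a nonce is valid for any request from the session it was issued to, so the `current_user_can()` check must live inside the handler itself. When auditing a plugin for this class of issue, look for `wp_ajax_` or REST callbacks whose only gate is `check_ajax_referer()`, `wp_verify_nonce()` or `check_admin_referer()` with no capability check alongside it.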