All versions of Elementor Pro up to (and including) 3.11.6 allow users to escalate to WordPress admin access.
As reported by sources including from Bleeping Computer and Ars Technica, a vulnerability in Elementor Pro has allowed users to grant themselves admin access to WordPress sites running WooCommerce.
Elementor announced that this vulnerability is fixed in version 3.11.7, and all later versions of Elementor Pro. The latest version, 3.12.1, was released on 2 April 2023.
Check and update your WordPress plugins
Log into WordPress.
Open Plugins > Installed Plugins from the main menu.
In your list of plugins screens, check which version of Elementor Pro you are running.
