Wordfence

**Name of the Vulnerable Software and Affected Versions** JetWidgets for Elementor plugin for WordPress versions up to, and including, 1.0.12 **Description** The issue is due to missing nonce validation on the `save()` function, allowing unauthenticated attackers to modify the plugin's settings via a forged request. This can be achieved by tricking a site administrator into performing an action, such as clicking on a link. The vulnerability can be used to enable SVG uploads, potentially leading to Cross-Site Scripting. **Recommendations** For versions up to, and including, 1.0.12, update to a version that includes nonce validation on the `save()` function to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.