This update enforces strict manage_options capability checks for plugin status and migration requests to prevent unauthorized access. It ensures only administrators can trigger these sensitive management functions via the REST API.
This vulnerability affects the following application versions:
- Elementor Website Builder 3.34.2
- Elementor Website Builder 3.34.3
- Elementor Website Builder 3.35.0-beta1
- Elementor Website Builder 3.35.0-beta2
- Elementor Website Builder 3.35.0-beta3
- Elementor Website Builder 3.35.0-dev1
- Elementor Website Builder 3.35.0-dev2
- Elementor Website Builder 3.35.0-dev3