Product
A Local File Inclusion vulnerability exists in the LA-Studio Element Kit for Elementor plugin for WordPress, affecting all versions up to and including 1.6.1, which allows authenticated attackers with contributor-level access or higher to include and execute arbitrary .php files on the server due to improper path traversal handling and an easily bypassed extension check, leading to PHP code execution, access control bypass, and sensitive data exposure.