Events Addon for Elementor <= 2.1.3 is vulnerable to Broken Access Control

Unauthenticated

Published: 2023-11-15

The Events Addon for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the naevents_bw_settings_save_func(), naevents_bw_toggle_submit_func(), naevents_pro_settings_save_func(), naevents_pro_toggle_submit_func() and naevents_uw_settings_save_func() functions, all hooked via nopriv AJAX actions, in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to modify the plugin's settings.

CVSS

Score: 6.5

Severity: Medium

Version: 2.1.3

There is a patch available in v2.1.4 and we strongly recommend you update to this version as soon as possible.
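
For auditing other plugin code for the same bug class (state-changing handlers hooked via nopriv AJAX actions, or hooked for logged-in users without a capability check), the following Python sketch is an added example, not code from the plugin or from this advisory. The PHP sample, its action names and its handler names are constructed, and the list of state-changing WordPress calls is a short illustrative subset.

```python
import re

# Constructed sample source: hypothetical actions and handlers, not the
# plugin's real code.
SAMPLE_PHP = r"""
add_action('wp_ajax_nopriv_demo_save', 'demo_settings_save_func');
add_action('wp_ajax_demo_save', 'demo_settings_save_func');
add_action('wp_ajax_nopriv_demo_ping', 'demo_ping_func');
add_action('wp_ajax_demo_toggle', 'demo_toggle_func');
function demo_settings_save_func() { update_option('demo_settings', $_POST['settings']); wp_die(); }
function demo_ping_func() { wp_send_json_success('pong'); }
function demo_toggle_func() {
    if (!current_user_can('manage_options')) { wp_die('', '', 403); }
    update_option('demo_enabled', !empty($_POST['on']));
}
"""

HOOK_RE = re.compile(r'''add_action\(\s*['"]wp_ajax_(nopriv_)?(\w+)['"]\s*,\s*['"](\w+)['"]''')
WRITE_RE = re.compile(r"\b(update_option|delete_option|add_option|update_post_meta|wp_insert_post)\s*\(")
CAP_RE = re.compile(r"\bcurrent_user_can\s*\(")

def function_body(src, name):
    """Return the text between a function's outer braces (naive brace count;
    braces inside PHP strings or comments are not handled)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if m is None:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Flag AJAX hooks whose callback changes state without authorization."""
    findings = []
    for nopriv, action, callback in HOOK_RE.findall(src):
        body = function_body(src, callback)
        if body is None or not WRITE_RE.search(body):
            continue  # handler not found in this file, or it is read-only
        if nopriv:
            # nopriv hooks run for logged-out visitors, so any write is exposed
            findings.append((action, callback, "state change reachable without login"))
        elif not CAP_RE.search(body):
            findings.append((action, callback, "no current_user_can() check"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP):
        print(finding)
```

A nonce check such as check_ajax_referer() is deliberately not counted as authorization here, because a nonce proves request origin rather than the caller's capability.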