Elementor is one of the most popular Website builder used by the wordpress developers to build a website. This builder uses several Add ons to offer more features. One of the most popular add on is Plus Addons. This offers several functions including registration and login options. This add on comes in two forms . One is free with limited features and premium version which has complete set of features.
Premium version of Plus Addons is the one affected now. According to Wordfence, identified issue resides in one of the widgets offered by the add on which creates user login and registration forms. There is some misconfiguration in this. Due to this attacker can create a new administrative account for the website or even hack in to existing admin account of the website.
At the same time free version of the plugin is not affected by this vulnerability. WordPress developers must note that even if you have not used this plugin to create user login pages, it still will let hacker access the admin page. It is better to uninstall this add on if you have it in your website and user the free version until the issue is sorted out and remedies found.
