From securityaffairs.co
Researchers at the Wordfence team of the security firm Defiant have spotted a critical flaw in The Plus Addons for Elementor WordPress plugin that could be exploited by attackers to gain administrative privileges to a website and take over it. The researchers also warn that the zero-day vulnerability has been exploited in the wild.
The Plus Addons for Elementor allows to add several widgets to the popular WordPress website builder Elementor, it has more than 30,000 installations to date.
Wordfence researchers discovered the vulnerability in one of the widgets that the plugin allows to add, it allows designers and developers to insert user login and registration forms to Elementor pages.