A Zero Day vulnerability has been discovered in the WordPress Plus Addons for Elementor. The exploit allows a full-site takeover. Security researchers recommend immediately disabling the plugin to avoid being hacked.
The exploit is not present in Elementor itself, it’s in a popular plugin that extends Elementor.
Zero Day Vulnerability
A zero day vulnerability is a vulnerability that hackers know about but for which the software developer does not have a patch to stop it.
Normally a vulnerability is discovered and the software developer has time to fix it before the flaw is discovered by hackers.