If you are a WordPress user, be careful: your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions.

Security experts have found a serious yet easy-to-exploit authentication bypass flaw in both widely used premium WordPress plugins that could let remote attackers gain administrative access to sites without needing any password.

Worryingly, attackers started abusing this flaw within two days of its discovery in order to compromise vulnerable WordPress websites.

Created by software development company Brainstorm Force, both vulnerable plugins are presently running on hundreds of thousands of WordPress websites using the Elementor and Beaver Builder frameworks.

Revealed by researchers at web security service MalCare, the vulnerability exists in the way both plugins let WordPress account holders, including administrators, authenticate via Facebook and Google login mechanisms.

According to the vulnerability’s advisory, owing to a lack of checks in the authentication method when a user logs in via Facebook or Google, vulnerable plugins can be tricked into allowing malicious users to log in as any other targeted user without needing any password.

It was confirmed that attackers are exploiting this vulnerability to install a fake SEO stats plugin after uploading a tmp.zip file to the targeted WordPress server.
