Critical bug in WordPress Plugins Opens Site to Takeovers - FullHost ®

If you are using two popular plugins made by Brainstorm Force, Ultimate Addons for Beaver Builder or Ultimate Addons for Elementor, stop what you are doing now and update your plugins.

A major vulnerability was found a little over a week ago in both of these plugins that could allow hackers to gain administrative access to any website using them. Due to a lack of checks in the authentication method used when a user logs in via Facebook or Google, vulnerable plugins can be tricked into allowing malicious users to log in as any other targeted user without requiring a password.

The team at Brainstorm Force released the following statement:

“We’ve released an update and have patched the vulnerable code. Users can apply the patch by updating the plugin in one click. Users who have registered their licence key see an update notification in their WordPress dashboard. All they need to do is click update.”

We are seeing this being exploited on accounts that are not subscribed to our Managed WordPress plans and caution all of our clients to update their plugins now with patches that have been released to close this serious security vulnerability.

Posted in Security and Vulnerabilities, WordPress
