WordPress sites running outdated versions of “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” plugins are exposed to hack. Security experts from MalCare discovered a critical easy-to-exploit authentication bypass vulnerability in “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor .” The vulnerability resides in the way the plugins let WordPress account holders, including administrators, authenticate via Facebook and Google login.
Read full article on Security Affairs