Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in widely-used premium WordPress plugins. The vulnerability resides in the way both plugins let account holders authenticate via Facebook and Google login mechanisms. To exploit the vulnerability, the hacker needs to use the email ID of an admin user of the site. In most cases, this information can be retrieved fairly easily. The vulnerability has been patched with the release of “Ultimate Addons for Elementor version 1.20.0.1 ” and Ultimate Addons. for Beaver Builder.
Source: https://thehackernews.com/2019/12/wordpress-elementor-beaver.html