The vulnerability resides in the way the plugins let WordPress account holders authenticate via Facebook and Google login. The flaw could be exploited by remote attackers to gain administrative access to sites without requiring any password. The two vulnerable plugins are currently installed over hundreds of thousands of WordPress websites. MalCare discovered the vulnerability on Wednesday and reported the issue to the development team the same day that fixed it within just 7 hours. Attackers exploited the vulnerability to compromise WordPress sites and install a malicious backdoor for later access.”]
Source: https://securityaffairs.co/wordpress/95076/hacking/beaver-builder-elementor-hacking-wordpress.html