Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability. The affected versions are 5.0.4 and later. The flaw allows an unauthenticated user to upload a PHP file to a server and execute code on the target site. Developers have released version 5.0.5 to eliminate this vulnerability.

Source: anti-malware.ru