A zero-day vulnerability has been found in The Plus Addons for Elementor plugin for WordPress, that allow to gain site administrator privileges. Attackers have already discovered it and are actively using it. The privilege escalation vulnerability identified as CVE-2021-24175 was rated as critical (CVSS score - 9.8).  Its presence is confirmed for all previous releases of the plugin (4.1.6 and below). The free version, The Plus Addons for Elementor Lite, is not affected by the problem. A fixed version of the product (4.1.7) has just been released, users are advised to install it as soon as possible.

Source: anti-malware.ru