Security researchers are warning of a critical-severity vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited as a zero-day for more than a month.
Developed by WP Royal, the plugin helps domain admins build their websites without any coding experience. Royal Elementor has more than 200,000 active installations on the WordPress marketplace.
https://www.securityweek.com/wordpress-websites-hacked-via-royal-elementor-plugin-zero-day/