It is estimated that Elementor Pro is installed on over 1 million sites and that Ultimate Addons has an install base of roughly 110,000.
If you are using any of these plugins on your website, upgrade to the latest versions immediately. On May 7, 2020, the Elementor team has released Elementor Pro 2.9.4 that has been verified to patch the vulnerability.
The vulnerability in Elementor Pro is determined to be a zero day vulnerability which is exploitable if users have open registration. Meanwhile, the vulnerability in Ultimate Addons for Elementor, allows the Elementor Pro vulnerability to be exploited, even if the site does not have user registration enabled.
For more information please check the official public release.
If you have questions, don’t hesitate to contact our support team.