The Essential Addons for Elementor plugin for WordPress is at risk of being hacked through a programming vulnerability. This can happen in any version up to 5.9.13. The vulnerability is caused by accepting unsafe information from the ‘error_resetpassword’ attribute of the “Login | Register Form” widget (which is not turned on by default). This means that someone who has permission to access the website and has a certain level of authorization can insert their own code. If there is a chain of programs or themes connected to the target website, the hacker could potentially delete important files, access private information, or run their own code.