The Events Addon for Elementor plugin for WordPress is vulnerable to a type of attack called Cross-Site Request Forgery in all versions up to 2.1.2. This type of attack can be used by unauthenticated attackers, meaning attackers who do not need to log in to the website, to modify the plugin’s settings without permission. This is possible because the plugin does not have a system in place to prevent these forged requests. To protect against this type of attack, site administrators should avoid clicking on suspicious links.