If your website is running the Plus Addons plugin for Elementor, you need to take notice of this critical vulnerability which is being exploited in the wild right now.
The short version of the issue is: when exploited, it's possible to either use an existing admin account, or create a new admin account on your site, and take over the site entirely.
Wordfence discovered the issue, and have published their findings for us all...
Regular maintenance of your website helps keep your plugins up to date, and therefore mitigate issues like this from affecting your site due to neglect. I offer these services in my WordPress Maintenance Membership. Or you can contact me to discuss further.