The Ultimate Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.36.31. This makes it possible for authenticated attackers, with contributor-level access and above, to register as an administrator on vulnerable sites.
as reported on WpScan
The team at MalCare pointed out a bug in the plugin after which we worked on it, fixed this vulnerability and released an update in under 7 hours.