Just wanted to inform you on my own experience. Tonight I received an email notifying that my website admin email had been changed to "[email protected]"
Of course I have not changed it. So I disabled the site quickly and started looking. I got to this message on reddit: He mentions a 'bot' is scanning the dirs for elementor-pro/changelog and when found, adding an admin account.
His story sounded strange, so I think he also uses a 'nulled' version, like I do (thanks for providing it Aksakalli gardasim), and you all do, and did not want to talk too much about the source of the plugin....
Anyway, I thought if any of you guys using elementor pro, gets the site password changed or gets new admins added to the site, consider de-activating elementor pro (like I just did).
I am just going to browse through the code if I can find anything.
If I am wrong, I am sorry for all the panic I may have caused.
Just to add to this... same thing happened to a site we manage, using elementor Pro which is not nulled. Seems to be related to 3.11 vulnerability