http://www.pritect.net/blog/elementor-page-builder-1-8-allows-logged-users-unrestricted-editing
Elementor Page Builder versions less than 1.8 contain a major security issue that allows logged in users (not just admin) unrestricted access to the Elementor specific backend functions. This allows unrestricted importing/exporting of content and potentially complete site compromise. The WordPress.org repository claims there are over 300,000 active installations.
If you are running an older version, upgrade immediately. The Elementor team
Source: Security Feed