The one way by which a WordPress website is prone to hacking is by accessing vulnerable plugins. That is why we need to carefully manage the plugins and keep them updated. A recent security check done by some researchers at Wordfence has found a vulnerability in the popular WordPress plugin Elementor.
Elementor is a free WordPress plugin for building websites. It has over 5 million+ active installs. It is possible that all these websites are prone to attack due to this vulnerability. The vulnerability in Elementor was detected early in February and it has resurfaced in Elementor's add on plugins now.
There are over 15 add-on plugins for Elementor and it is downloaded over millions of websites too. The add-on plugins are used in Elementor to increase the functionality of the website builder. However, it is estimated that these millions of websites are now prone to attack.
Once the admin credential is accessed the whole site can be taken by the attacker. So, the site security resides on how secure the website credentials are.
Since the attack is performed by a plugin vulnerability, it is better to address the issue within the affected plugins first. Updating the affected plugins is a primary remedy to the issue. However, you will not have to worry about it if the site's credentials are not compromised.
Also, you can install WordFence security plugin to escalate from the issue.