The Elementor page builder plugin itself patched a similar vulnerability in February 2021. This vulnerability affects add-on plugins for Elementor that are created by third parties.

XSS vulnerability affecting up to +200,000 WordPress installations discovered in Elementor add-on plugin, Jeg Elementor Kit.

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin to install backdoors on sites.

Hackers exploit WordPress plugin flaw that gives full control of millions of sites Elementor Pro fixed the vulnerability, but not everyone has installed the patch.

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.