The Elementor page builder plugin itself patched a similar vulnerability in February 2021. This vulnerability affects add-on plugins for Elementor that are created by third parties.

XSS vulnerability affecting up to +200,000 WordPress installations discovered in Elementor add-on plugin, Jeg Elementor Kit.

The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites.