The Elementor page builder plugin itself patched a similar vulnerability in February 2021. This vulnerability affects add-on plugins for Elementor that are created by third parties.

XSS vulnerability affecting up to +200,000 WordPress installations discovered in Elementor add-on plugin, Jeg Elementor Kit.

More than 12 million WordPress-sites utilize Elementor. According to the WordPress Plugin Directory, more than 1 million active websites have the Essential Addons for Elementor installed.

The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites.