Elementor released an update to version 3.18.1 today. It is unclear if this patch fixes the vulnerability as the Wordfence site currently states that the vulnerability is unpatched.

A critical security vulnerability in Essential Addons for Elementor has been identified, potentially impacting over two million WordPress websites. The flaw, a reflected cross-site scripting (XSS) ...

Stored Cross Site Scripting is has the greater potential to do harm because it can attack any visitor to a web page. Stored XSS Elementor Exploit The stored XSS vulnerability affecting Elementor ...

If your site uses Elementor Pro, it is imperative to upgrade to version 3.11.7 or later (the latest available is 3.12.0) as soon as possible, as hackers are already targeting vulnerable websites.

Anyone using Elementor Pro should ensure they’re running 3.11.7 or later, as all previous versions are vulnerable. It’s also a good idea for these users to check their sites for the signs of ...

The plugin vulnerability has since been patched and Essential Addons for Elementor users are being urged to update to version 5.7.2. All versions of the plugin prior, going back to version 5.4.0 ...