The Royal Elementor Addons and Templates plugin for WordPress has a security issue that makes it vulnerable to a type of attack called Stored Cross-Site Scripting. This can happen when someone uses the plugin’s Back to Top feature and the plugin doesn’t properly check the information that is entered or protect against harmful code. This means that people who have contributor access or higher could potentially insert their own code into pages, which would then run whenever someone views that page.