The plugin called “Unlimited Elements For Elementor” (which provides free widgets, addons, and templates for WordPress) has a security issue known as “Reflected Cross-Site Scripting.” This means that versions up to 1.5.93 of the plugin do not properly clean or protect user input, which could allow hackers to insert harmful code into a page that will run if a user clicks on a link. This attack can be carried out even if the user is not logged in.