The Royal Elementor Addons and Templates plugin for WordPress has a security issue that allows for Stored Cross-Site Scripting. This can happen through the Form Builder widget and affects all versions up to 1.7.1001. The problem occurs because the plugin does not properly clean and protect user-supplied information. This means that attackers who are logged in with contributor-level access or higher can insert harmful web scripts into pages that will run whenever a user visits that page.