The Royal Elementor Addons and Templates plugin for WordPress has a security flaw that allows attackers to insert harmful code into web pages. This can be done by manipulating the display_message_text setting in the Countdown widget. The plugin is vulnerable in all versions up to 1.7.1017 because it does not properly clean and protect input and output. This means that anyone with Contributor-level access or higher can potentially add malicious scripts to web pages.