A popular plugin for WordPress called “The Essential Addons for Elementor” has a security vulnerability that can be exploited by hackers. This vulnerability, known as “Reflected Cross-Site Scripting”, allows attackers to inject harmful code into web pages if they can trick a user into clicking on a link. It affects all versions of the plugin up to 6.0.14 and is caused by a lack of proper input sanitization and output escaping.