Product
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'status' parameter in the wpr_update_form_action_meta AJAX action, allowing unauthenticated attackers to inject arbitrary web scripts into pages.