Attention WordPress website owners using the Elementor Addon Elements plugin: A high-severity Cross-Site Scripting (XSS) vulnerability has been identified, posing significant risks to WordPress security and potentially exposing your website to malware threats.

The security flaw was discovered and responsibly reported by Rafie Muhammad of Patchstack, emphasizing the significance of collaborative efforts in ensuring a secure WordPress environment.

The vulnerability in the Elementor Addon Elements Plugin could allow malicious actors to inject harmful scripts, such as redirects, advertisements, and other malicious HTML payloads, directly into your website. When guests visit your site, these injected scripts would execute, potentially leading to harmful outcomes and jeopardizing the trust of your visitors.


This XSS vulnerability has been assigned a CVSS 3.1 score of 7.1, signifying its high severity and the serious impact it could have on your website’s security and integrity.

Affected Versions:

The good news is that the developers of the Elementor Addon Elements plugin have acted swiftly to protect users. They have released a patched version (1.12) that addresses this vulnerability and enhances the security of the plugin.


If exploited, malicious actors could inject harmful scripts into your website, posing severe risks, including but not limited to unauthorized redirection, unwanted advertisements, and potential malware infection.


To protect your website from potential attacks and mitigate WordPress vulnerability risks, immediate action is imperative:

  1. Update to Version 1.12: Upgrade to the latest version of the Elementor Addon Elements plugin (version 1.12) to eliminate the vulnerability. Regularly update your plugins to ensure you have the latest security patches.
  2. Monitor for Security Advisories: Stay informed about security advisories from the plugin’s developers or reputable WordPress security sources to address potential future vulnerabilities promptly.
  3. Conduct Security Audits: Perform regular security audits on your website to identify and address any existing vulnerabilities and strengthen overall WordPress security.
  4. Implement Web Application Firewall (WAF): Consider implementing a Web Application Firewall to provide an additional layer of protection against potential XSS attacks and other malicious activities.

In the realm of WordPress security, proactive measures are indispensable to protect against emerging threats and potential WordPress malware exploits. By staying vigilant and promptly addressing vulnerabilities like this XSS flaw, you establish a resilient WordPress security posture and enhance user trust.