This vulnerability in ElementsKit Elementor addons Lite (<= 3.0.6) involves improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) flaw. An attacker with low privileges can exploit this issue by tricking a user into interacting with crafted content, potentially causing script execution in the context of the victim's browser. The CVSS 3.1 score is 6.5, reflecting network attack vector, low attack complexity, required privileges, user interaction, and impacts on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of a victim's browser, potentially leading to information disclosure, modification of content, or disruption of availability. The attack requires user interaction and low privileges, limiting the ease of exploitation. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with untrusted input and consider applying any available temporary mitigations recommended by the vendor or security community. Monitor for updates from Roxnor regarding patches or official fixes.