The Responsive Addons for Elementor WordPress plugin suffers from a stored cross-site scripting vulnerability (CWE-79) due to improper neutralization of input during web page generation. Specifically, the 'rael_title_tag' parameter is not properly sanitized or escaped, allowing authenticated users with Contributor or higher privileges to inject arbitrary scripts. These scripts execute in the context of users who view the compromised pages, potentially leading to session hijacking or other script-based attacks. Although version 1.6.9 includes a partial patch, the vulnerability is not fully resolved. No official patch or vendor advisory confirming a complete fix is currently available.

An attacker with Contributor-level access or higher can exploit this vulnerability to inject malicious JavaScript into pages, which executes in the browsers of users who view those pages. This can lead to theft of user credentials, session tokens, or other sensitive information accessible via the browser context. The vulnerability does not affect availability but impacts confidentiality and integrity. The partial patch in version 1.6.9 suggests some mitigation, but the risk remains until a full fix is confirmed.

Patch status is not yet confirmed—check the vendor advisory for current remediation guidance. The vulnerability was partially patched in version 1.6.9, so upgrading to this version is recommended as a temporary measure. Monitor the vendor's official channels for a complete fix. Until a full patch is available, restrict Contributor-level access to trusted users only and consider additional input validation or web application firewall rules to detect and block malicious payloads targeting the 'rael_title_tag' parameter.