This vulnerability in ElementInvader Addons for Elementor (up to version 1.3.6) is due to improper neutralization of input during web page generation, leading to a DOM-based Cross-site Scripting (XSS) issue. An attacker with low privileges and requiring user interaction can exploit this vulnerability remotely over the network. The CVSS 3.1 base score is 6.5, reflecting medium severity with partial impact on confidentiality, integrity, and availability. The vulnerability is publicly disclosed but lacks an official patch or vendor advisory at this time.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated medium due to the requirement for user interaction and low privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting privileges and minimizing exposure of the affected plugin. Monitor vendor channels for updates and apply patches promptly once released.