The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site. The bug concerns a set of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4), which occurs when a malicious script is injected directly into a vulnerable web application. The flaws take advantage of the fact that dynamic data entered in a template could be leveraged to include malicious scripts intended to launch XSS attacks.
Source: https://thehackernews.com/2021/03/flaws-in-two-popular-wordpress-plugins.html