According to Wordfence security researchers, it seems that almost every plugin tested to Elementor had some kind of vulnerabilities. A number of plugin publishers, once contacted about these weaknesses, updated their respective plugins.
Even the Elementor page builder plugin was even patched in February 2021 for a comparative vulnerability, which affected add-on plugins for Elementor that had been made by third parties.
According to Wordfence:
“We found the same vulnerabilities in nearly every plugin we reviewed that adds additional elements to the Elementor page builder.”