The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
https://wpvulndb.com/vulnerabilities/10051
https://wordpress.org/plugins/elementor/#developers
https://blog.impenetrable.tech/xss-in-wordpress-elementor-plugin