CVE-2024-0586: 
WordPress vulnerability analysis and mitigation

The Essential Addons for Elementor WordPress plugin is affected by a Stored Cross-Site Scripting vulnerability (CVE-2024-0586) in versions up to and including 5.9.4. The vulnerability exists in the Login/Register Element component due to insufficient input sanitization and output escaping on the custom login URL (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS v3.1 base score is 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N according to NVD's assessment. Wordfence has assigned a slightly higher CVSS score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page (NVD).

Users should upgrade to version 5.9.5 or later of the Essential Addons for Elementor plugin, which contains the security fix. The patch has been documented in the WordPress plugin repository (WordPress Patch).