CVE-2024-11104: 
WordPress vulnerability analysis and mitigation

The Sky Addons for Elementor WordPress plugin (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) contains a vulnerability identified as CVE-2024-11104. The vulnerability affects all versions up to and including 2.6.2, and was disclosed on November 22, 2024. This security issue stems from a missing capability check in the save_options() function (NVD).

The vulnerability is classified as a missing authorization issue (CWE-862) that allows unauthorized modification of data. The CVSS v3.1 base score is 8.1 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. The vulnerability specifically relates to the save_options() function's implementation, which lacks proper capability checks, allowing manipulation of array-type option values (NVD).

The vulnerability enables authenticated attackers with subscriber-level access or higher to update arbitrary options on the WordPress site. This capability is specifically limited to option values that can be saved as arrays, potentially leading to a denial of service condition (NVD).

Users should upgrade to version 2.6.3 or later of the Sky Addons for Elementor plugin to address this vulnerability. This version includes the necessary capability checks to prevent unauthorized modification of options (NVD).