CVE-2024-38674: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in SKT Themes SKT Addons for Elementor plugin, tracked as CVE-2024-38674. The vulnerability affects versions up to 3.1 and was discovered on July 10, 2024, by security researcher João G. Barbosa (4rCanJ0x!). The issue allows authenticated users with Contributor or higher privileges to inject malicious scripts into web pages (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has received a CVSS v3.1 base score of 5.4 (Medium) from NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a slightly higher score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

If exploited, this vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site, potentially compromising user security and website integrity (Patchstack).

The vulnerability has been patched in version 3.2 of the SKT Addons for Elementor plugin. Users are strongly advised to update to version 3.2 or later to remediate this security issue. The vulnerability is considered to have a low severity impact and is unlikely to be exploited, but updating remains the recommended course of action (Patchstack).