CVE-2024-38687: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Sky Addons for Elementor WordPress plugin, identified as CVE-2024-38687. The vulnerability affects versions through 2.5.5 of the plugin and was disclosed on July 20, 2024. The affected software is Techfyd Sky Addons for Elementor, a WordPress plugin that provides additional functionality for the Elementor page builder (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has received a CVSS v3.1 base score of 5.4 (Medium) from NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a slightly higher score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows attackers to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. This could lead to various forms of client-side attacks against website visitors (Patchstack).

Users are advised to update to version 2.5.8 or later of the Sky Addons for Elementor plugin to remediate this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).