CVE-2024-43960: 
WordPress vulnerability analysis and mitigation

The Web and WooCommerce Addons for WPBakery Builder WordPress plugin contains a Cross-site Scripting (XSS) vulnerability affecting versions up to and including 1.4.6. The vulnerability was discovered on August 26, 2024, and was assigned CVE-2024-43960 (Patchstack).

The vulnerability is classified as a Stored Cross-site Scripting (XSS) issue, stemming from improper neutralization of input during web page generation (CWE-79). The CVSS v3.1 base score is 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires high privileges to exploit and user interaction (NVD).

If exploited, this vulnerability could allow attackers to inject malicious scripts, including redirects and advertisements, which would be executed when visitors access the affected site. The impact is considered low to medium severity based on the CVSS scoring (Patchstack).

As of the current date, no official fix has been released for this vulnerability. Website administrators running affected versions should consider implementing additional security controls or consulting with security professionals for mitigation strategies (Patchstack).