CVE-2024-47357: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Happy Addons for Elementor WordPress plugin, identified as CVE-2024-47357. The vulnerability affects versions up to and including 3.12.0 of the plugin, which is developed by Leevio. This security issue was discovered and reported on September 30, 2024 (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue due to insufficient input sanitization and output escaping. It has received a CVSS v3.1 base score of 5.4 (Medium) according to NVD, while Patchstack rates it at 6.5 (Medium). The vulnerability is categorized under CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the injected page, potentially leading to unauthorized actions, data theft, or site manipulation (WPScan).

The vulnerability has been patched in version 3.12.1 of the Happy Addons for Elementor plugin. Users are advised to update to this version or later to remove the vulnerability (Patchstack).