CVE-2024-49277: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability has been identified in CodeAstrology Team's UltraAddons Elementor Lite WordPress plugin, affecting versions through 1.1.8. The vulnerability was discovered by researcher Michael and was disclosed on October 15, 2024, receiving the identifier CVE-2024-49277 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating that it requires low attack complexity but needs user interaction and privileged access to exploit (NVD).

The vulnerability could allow a malicious actor with author-level privileges or higher to inject malicious scripts into the website. These scripts could be used to create redirects, insert unauthorized advertisements, or execute other HTML payloads that would affect visitors to the affected site (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The issue remains unpatched in versions up to 1.1.9 (Wordfence).