CVE-2024-50433: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in wowDevs Sky Addons for Elementor, affecting versions through 2.5.15. The vulnerability was disclosed on October 24, 2024, and was assigned identifier CVE-2024-50433. This security issue affects the WordPress plugin Sky Addons for Elementor, which provides functionality for templates, animations, post grids, and other features (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into the website. When executed, these scripts can potentially lead to various malicious activities including redirects, unauthorized advertisements, and other HTML payload executions when visitors access the affected pages (Patchstack).

The vulnerability has been patched in version 2.5.16 of the Sky Addons for Elementor plugin. Users are advised to update to this version or later to remediate the security issue (Patchstack).