CVE-2024-51587: 
WordPress vulnerability analysis and mitigation

CVE-2024-51587 is a Stored Cross-Site Scripting (XSS) vulnerability discovered in Softfirm's Definitive Addons for Elementor WordPress plugin. The vulnerability affects versions up to 1.5.16 and was disclosed on October 31, 2024 (Patchstack).

The vulnerability is classified as a CWE-79 (Improper Neutralization of Input During Web Page Generation) issue. It has received a CVSS v3.1 base score of 5.4 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a slightly higher CVSS score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows attackers with contributor-level privileges or higher to inject malicious scripts into the website. When executed, these scripts can potentially lead to redirects, unauthorized advertisements, and other malicious HTML payloads that affect visitors to the affected website (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects versions up to 1.5.16 of the Definitive Addons for Elementor plugin (Patchstack).