CVE-2024-51588: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Themehat Super Addons for Elementor WordPress plugin, identified as CVE-2024-51588. The vulnerability affects versions through 1.0 and allows DOM-Based XSS through improper neutralization of input during web page generation. The issue was initially reported by researcher Gab on October 12, 2024, and was publicly disclosed on October 31, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L according to Patchstack's assessment. The National Vulnerability Database (NVD) rates it slightly lower at 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The attack requires user interaction and authenticated access with at least Contributor-level privileges (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).