CVE-2024-54228: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was identified in WebOccult Technologies Pvt Ltd's Wot Elementor Widgets plugin, affecting versions through 1.0.1. The vulnerability was discovered by researcher Gab and was disclosed on December 5, 2024. This security issue has been assigned the identifier CVE-2024-54228 (Patchstack, NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation, specifically a DOM-Based XSS (CWE-79). It has received a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating that it requires low attack complexity and limited privileges to exploit (Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

Currently, no official fix is available for this vulnerability. The issue affects versions up to 1.0.1 of the Wot Elementor Widgets plugin (Patchstack).