CVE-2024-54230: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in WPRealizer Unlock Addons for Elementor plugin, identified as CVE-2024-54230. The vulnerability was discovered on December 5, 2024, affecting versions through 2.1.0. This security issue stems from improper neutralization of input during web page generation, specifically manifesting as a DOM-Based XSS vulnerability (Patchstack, WPScan).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.5 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, and required low privileges with user interaction (Patchstack).

The vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized actions, data theft, or site defacement (WPScan).

As of the vulnerability disclosure, no official fix has been released for this security issue. The vulnerability affects versions up to 2.1.0, and users are advised to monitor for updates (Patchstack).