CVE-2024-7122: 
WordPress vulnerability analysis and mitigation

CVE-2024-7122 affects the Elementor Addon Elements plugin for WordPress, discovered and disclosed in August 2024. The vulnerability is present in all versions up to and including 1.13.6. This security issue impacts the plugin's multiple widgets functionality, affecting WordPress installations using this addon (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue (CWE-79) due to insufficient input sanitization and output escaping on user-supplied attributes across multiple widgets. The CVSS v3.1 base score is 5.4 (Medium) according to NIST's assessment, with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Wordfence's assessment gives it a slightly higher CVSS score of 6.4 (Medium) (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page, potentially leading to unauthorized data access or manipulation of user interactions (NVD).

Users should immediately update their Elementor Addon Elements plugin to version 1.13.7 or later, which contains the security fix. The vulnerability has been patched through improved input sanitization and output escaping mechanisms (WordPress Plugin).