CVE-2024-8440: 
WordPress vulnerability analysis and mitigation

The Essential Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in versions up to and including 6.0.3. The vulnerability exists due to insufficient input sanitization and output escaping on user supplied attributes, allowing authenticated attackers with contributor-level access or above to inject arbitrary web scripts that execute when users access affected pages (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue (CWE-79) affecting the Fancy Text widget component. The CVSS v3.1 base score is 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).

Successful exploitation allows attackers with contributor-level access to inject malicious JavaScript code that executes in users' browsers when they visit affected pages. This could lead to data theft, session hijacking, and potential reputation damage (NVD).

Users should update to version 6.0.4 or later of the Essential Addons for Elementor plugin which contains fixes for this vulnerability. The patch is available through the WordPress plugin repository (WordPress Plugin).