This vulnerability (CVE-2024-35782) in Codeless Cowidgets – Elementor Addons is classified as CWE-79, indicating improper neutralization of input leading to stored Cross-site Scripting (XSS). It affects versions up to 1.1.1 and allows an attacker with low privileges to inject malicious scripts that execute when a user interacts with the affected content. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) reflects network attack vector, low attack complexity, low privileges required, user interaction needed, and impacts confidentiality, integrity, and availability partially. No patch or official remediation level has been disclosed by the vendor or authoritative sources.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial compromise of confidentiality, integrity, and availability of the system or user data. The attack requires user interaction and low privileges, limiting but not negating the risk. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with untrusted input and consider disabling or limiting use of the affected plugin. Monitor vendor communications for updates on patches or mitigations.