CVE-2024-3997 is a stored cross-site scripting vulnerability classified under CWE-79, found in the Prime Slider – Addons For Elementor plugin for WordPress, which includes features like Revolution of a slider, Hero Slider, and Ecommerce Slider. The vulnerability affects all versions up to and including 3.14.1. It arises from insufficient sanitization and escaping of user-supplied input within the plugin's Pagepiling widget, allowing authenticated users with contributor-level permissions or higher to inject arbitrary JavaScript code into pages. These scripts are stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, defacement, or unauthorized actions performed in the context of the victim’s browser. The CVSS v3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable module. No patches or known exploits have been publicly disclosed at the time of publication, but the vulnerability's presence in a widely used WordPress plugin makes it a notable risk. The attack requires authenticated access at contributor level, which limits immediate exploitation but still poses a significant threat in environments with multiple users or weak access controls.

The impact of CVE-2024-3997 includes potential partial loss of confidentiality and integrity for affected WordPress sites. Attackers can inject malicious scripts that execute in the browsers of site visitors or administrators, enabling session hijacking, theft of sensitive information, unauthorized actions, or site defacement. While availability is not directly affected, the injected scripts could be used to facilitate phishing or malware distribution, indirectly harming site reputation and user trust. Organizations with multi-user WordPress environments or those allowing contributor-level access to untrusted users are at higher risk. The vulnerability could be leveraged to escalate attacks within an organization’s web infrastructure, potentially leading to broader compromise. Given the widespread use of Elementor and its addons, many websites globally could be impacted, especially those that do not promptly update or implement mitigations. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits following public disclosure.

To mitigate CVE-2024-3997, organizations should immediately update the Prime Slider – Addons For Elementor plugin to a version that addresses this vulnerability once available. Until a patch is released, restrict contributor-level and higher access to trusted users only, minimizing the risk of malicious script injection. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting the Pagepiling widget parameters. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. Regularly audit user permissions and monitor logs for unusual activity related to plugin usage. Additionally, sanitize and validate all user inputs at the application level and consider disabling or removing the vulnerable widget if not essential. Educate site administrators about the risks of granting contributor access and encourage the use of multi-factor authentication to reduce account compromise risks.