CVE-2024-4329 is a stored cross-site scripting vulnerability identified in the Thim Elementor Kit plugin for WordPress, affecting all versions up to and including 1.1.9. The root cause is insufficient sanitization and escaping of the 'id' parameter during web page generation, which allows authenticated users with contributor-level privileges or higher to inject arbitrary JavaScript code into pages. This malicious code is stored persistently and executed in the browsers of any users who visit the infected pages. The vulnerability leverages CWE-79, indicating improper neutralization of input during web page generation. Exploitation does not require user interaction but does require authenticated access, limiting the attacker to users with some level of trust within the WordPress environment. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting a medium severity with network attack vector, low attack complexity, and privileges required. The scope is changed because the vulnerability affects resources beyond the attacker’s control by impacting other users who view the injected content. No public exploits have been reported yet, but the risk remains significant due to the widespread use of WordPress and the plugin. The vulnerability can lead to theft of session cookies, defacement, or further attacks such as privilege escalation or malware distribution.

The impact of CVE-2024-4329 is primarily on the confidentiality and integrity of affected WordPress sites. Attackers with contributor-level access can inject malicious scripts that execute in the browsers of site visitors, potentially stealing session tokens, performing actions on behalf of users, or redirecting users to malicious sites. This can lead to account compromise, data leakage, and erosion of user trust. Since the vulnerability does not affect availability directly, denial-of-service is less likely. However, the ability to execute arbitrary scripts can facilitate further attacks, including privilege escalation and persistent backdoors. Organizations running websites with the Thim Elementor Kit plugin are at risk of reputational damage and regulatory consequences if user data is compromised. The medium CVSS score reflects that exploitation requires some level of authenticated access, which limits the attacker pool but does not eliminate risk, especially in environments with many contributors or less stringent access controls.

To mitigate CVE-2024-4329, organizations should immediately update the Thim Elementor Kit plugin to a version where this vulnerability is fixed once available. In the absence of an official patch, administrators should restrict contributor-level access to trusted users only and review user roles to minimize the number of users with such privileges. Implementing a Web Application Firewall (WAF) with custom rules to detect and block suspicious payloads targeting the 'id' parameter can reduce risk. Additionally, enabling Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution sources. Regularly auditing plugin usage and monitoring logs for unusual activity related to page edits or injections is recommended. Finally, educating contributors about secure input handling and monitoring for unauthorized content changes can help detect exploitation attempts early.