The vulnerability CVE-2024-53786 affects the Cowidgets – Elementor Addons plugin by Codeless, specifically versions up to 1.2.0. It is a stored cross-site scripting (XSS) flaw caused by improper neutralization of input during web page generation, which can lead to the injection and execution of malicious scripts. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, requiring low privileges and user interaction, and impacts on confidentiality, integrity, and availability. No patch or official fix has been documented in the provided data.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected website, potentially leading to data disclosure, modification, or disruption of service. The impact affects confidentiality, integrity, and availability to a limited extent as indicated by the CVSS vector. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin version or applying any recommended temporary mitigations from the vendor. Avoiding untrusted input and limiting user privileges may reduce risk but do not fully mitigate the vulnerability.