CVE Radar


CVE-2024-4564

Severity: Medium
SVRS: 34
CVSSv3: 6.4
EPSS: 0.00402
Tags: In The Wild
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Publication date: 2024-06-12
Last modified: 2026-04-08


Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-4564, is a Stored Cross-Site Scripting (XSS) flaw affecting the CoDesigner WooCommerce Builder for Elementor WordPress plugin. It matters because it allows authenticated attackers, specifically those with contributor-level access or higher, to inject malicious web scripts into web pages. These scripts will then execute in the browsers of other users who visit the compromised pages. This can lead to various client-side attacks such as session hijacking, defacement, redirection to malicious sites, or theft of sensitive user data, severely impacting the integrity and confidentiality of the affected WordPress site and its users.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 6.4. Based on common CVSS v3 interpretations, this corresponds to a Medium severity level. The vulnerability was publicly disclosed (published) on June 12, 2024, at 03:33:14 UTC. The information regarding this CVE was last modified on April 8, 2026, at 16:45:00 UTC.
3. Which products, vendors, systems, and versions are affected?
  • Product: CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More
  • Vendor: The developer of the CoDesigner WooCommerce Builder for Elementor plugin.
  • System/Platform: WordPress
  • Affected Versions: all versions up to, and including, 4.4.1.
4. What is the technical root cause and attack vector?
The technical root cause of CVE-2024-4564 is insufficient input sanitization and output escaping on user-supplied attributes within the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets. This failure allows malicious script code to be stored persistently within the website's database and subsequently rendered without proper neutralization. The attack vector involves an authenticated attacker with at least contributor-level access leveraging these vulnerable widgets to inject arbitrary web scripts into pages.
5. How can this vulnerability be exploited?
An authenticated attacker with contributor-level or higher permissions can exploit this vulnerability by crafting and injecting malicious script payloads into the vulnerable Shop Slider, Tabs Classic, or Image Comparison widgets provided by the CoDesigner plugin. Due to the lack of proper input sanitization and output escaping, these malicious scripts are stored in the website's database. When an unsuspecting user, including administrators, subsequently accesses a page containing one of these compromised widgets, the injected script will execute within their web browser, leading to client-side attacks.
6. What mitigation steps and patches are available?
The primary mitigation step is to update the "CoDesigner WooCommerce Builder for Elementor" plugin to a version beyond 4.4.1, as the vulnerability affects "all versions up to, and including, 4.4.1." Users should consult the official plugin changelog or update channels for the specific patched version that addresses this vulnerability. If an immediate update is not possible, minimizing user accounts with contributor-level access or higher, especially for untrusted individuals, can reduce the attack surface.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by identifying the installed version of the "CoDesigner WooCommerce Builder for Elementor" plugin. Any installation running version 4.4.1 or earlier is considered vulnerable to CVE-2024-4564. System administrators can check the plugin version through the WordPress admin dashboard (Plugins > Installed Plugins) or by directly examining the plugin's version file on the server.
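The server-side check described above, automated as an added example (not code from the page, from SOCRadar, or from the plugin). It assumes the plugin lives in a folder named woolementor, the slug visible in the reference links, and that its main file carries a standard WordPress plugin header; the sample header embedded in the block is constructed.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Assumptions: plugin folder "woolementor" (slug from the page's trac links), standard WP header.
PLUGIN_SLUG = "woolementor"
LAST_AFFECTED = "4.4.1"  # "all versions up to, and including, 4.4.1"
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*\S", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)
# Constructed sample of a plugin main-file header (not the real plugin's file).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: CoDesigner\n * Version: 4.4.1\n */\n"

def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted version -> tuple of ints; a suffix such as '-beta' is ignored
    (a simplification: WordPress itself compares with PHP's version_compare)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(version: str) -> bool:
    """True when version <= 4.4.1. Tuples are zero-padded so '4.4' compares as
    4.4.0, and integer parts avoid the string-compare trap '4.4.10' < '4.4.1'."""
    a, b = parse_version(version), parse_version(LAST_AFFECTED)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) <= b + (0,) * (n - len(b))

def version_from_header(text: str) -> Optional[str]:
    """Read 'Version:' from a plugin main file. WordPress only inspects the
    first 8 KB of a file for headers, so do the same."""
    head = text[:8192]
    if not NAME_RE.search(head):
        return None  # no 'Plugin Name:' header, so not the main plugin file
    m = VERSION_RE.search(head)
    return m.group(1) if m else None

def find_plugin_version(plugins_dir: Path) -> Optional[str]:
    """Locate the main file the way WordPress does: scan top-level .php files."""
    plugin_dir = plugins_dir / PLUGIN_SLUG
    for php in sorted(plugin_dir.glob("*.php")) if plugin_dir.is_dir() else []:
        v = version_from_header(php.read_text(errors="replace"))
        if v:
            return v
    return None

def verdict(version: Optional[str]) -> str:
    if version is None:
        return "plugin not found or no version header"
    return version + (": VULNERABLE" if is_affected(version) else ": outside affected range")
```

On a live site call verdict(find_plugin_version(Path("/var/www/html/wp-content/plugins"))) with the real web root; verdict(version_from_header(SAMPLE_HEADER)) exercises the parser on the constructed sample.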
8. What are the indicators of compromise (IOCs)?
Information on specific Indicators of Compromise (IOCs) for CVE-2024-4564 is not explicitly provided in the given CVE data. However, potential signs of compromise could include:
  • Unexpected scripts or unusual content appearing on website pages that utilize the Shop Slider, Tabs Classic, or Image Comparison widgets.
  • Unusual network requests originating from user browsers when visiting potentially affected pages.
  • Unauthorized changes to website content, user accounts, or other administrative settings, particularly if a sophisticated XSS payload was used for session hijacking or privilege escalation.
9. Which threat actors are known to exploit this vulnerability?
The provided CVE data does not specify any known threat actors currently exploiting or historically associated with CVE-2024-4564.
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its Common Vulnerabilities and Exposures (CVE) identifier: CVE-2024-4564. Further detailed advisories and analyses would typically be found on the National Vulnerability Database (NVD) once the CVE is fully published there, as well as on the plugin vendor's official security advisories or changelog.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-4564 is Medium, as indicated by its CVSS score of 6.4. While exploitation requires an authenticated attacker with at least contributor-level access, the impact of a successful Stored XSS attack can be significant, potentially leading to client-side code execution, session hijacking, data theft, and website defacement. The urgency level is Moderate to High. Organizations using the affected plugin should prioritize updating to a patched version immediately. Although it requires authentication, the widespread use of WordPress and the Elementor ecosystem, combined with potentially numerous users having contributor or higher roles, increases the likelihood and potential impact of exploitation. Therefore, timely remediation is crucial to prevent unauthorized script execution and protect user data and website integrity.

No IOCs found for this CVE

No exploits found for this CVE


No news found for this CVE

No tweets found for this CVE

No affected software found for this CVE

References (source: link)
  • [email protected]: https://plugins.trac.wordpress.org/browser/woolementor/trunk/widgets/image-comparison/image-comparison.php#L418
  • [email protected]: https://plugins.trac.wordpress.org/browser/woolementor/trunk/widgets/shop-slider/template.php#L29
  • [email protected]: https://plugins.trac.wordpress.org/browser/woolementor/trunk/widgets/tabs-classic/tabs-classic.php#L329
  • [email protected]: https://plugins.trac.wordpress.org/changeset/3099922/
  • [email protected]: https://wordpress.org/plugins/woolementor/#developers
  • [email protected]: https://www.wordfence.com/threat-intel/vulnerabilities/id/3115e8ad-8e68-41e9-a3a0-5f003d921037?source=cve
  • AF854A3A-2127-422B-91AE-364DA2661108: https://wordpress.org/plugins/woolementor/%23developers
  • AF854A3A-2127-422B-91AE-364DA2661108: https://www.wordfence.com/threat-intel/vulnerabilities/id/3115e8ad-8e68-41e9-a3a0-5f003d921037?source=cve
CWE ID: CWE-79
CWE Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
