CVE-2021-24659: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-24659 affects the PostX – Gutenberg Blocks for Post Grid WordPress plugin versions before 2.4.10. The vulnerability was discovered and publicly disclosed on August 26, 2021, by security researcher apple502j. This security flaw allows users with a role as low as Contributor to perform Stored Cross-Site Scripting (XSS) attacks via the plugin's block (WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).

The vulnerability allows malicious actors with Contributor-level access to store and execute cross-site scripting attacks through the plugin's block functionality. This could potentially lead to unauthorized access to sensitive information and compromise of user sessions (WPScan).

The vulnerability has been fixed in version 2.4.10 of the PostX – Gutenberg Blocks for Post Grid plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).