CVE-2024-0187: 
WordPress vulnerability analysis and mitigation

The Community by PeepSo WordPress plugin before version 6.3.1.2 contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2024-0187. The vulnerability was discovered and publicly disclosed on January 9, 2024. The issue affects the WordPress plugin's core functionality and impacts systems running versions prior to 6.3.1.2 (WPScan, NVD).

The vulnerability stems from improper sanitization and escaping of various parameters and generated URLs before outputting them back as attributes. The CVSS v3.1 base score is 6.1 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

This vulnerability could be exploited against high-privilege users such as administrators. When successfully exploited, it allows attackers to execute cross-site scripting attacks, potentially leading to unauthorized access to sensitive information or manipulation of admin-level functionality (WPScan).

The vulnerability has been fixed in version 6.3.1.2 of the Community by PeepSo WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).