CVE-2024-0249: 
WordPress vulnerability analysis and mitigation

CVE-2024-0249 affects the Advanced Schedule Posts WordPress plugin through version 2.1.8. The vulnerability was discovered by Krzysztof Zając from CERT PL and was publicly disclosed on January 23, 2024. This security issue involves a Reflected Cross-Site Scripting (XSS) vulnerability that specifically impacts the plugin's parameter handling functionality (WPScan, CVE Mitre).

The vulnerability stems from improper sanitization and escaping of a parameter before it is output back in the page. A proof of concept demonstrates that the vulnerability can be triggered via the URL path '/wp-admin/admin.php?page=hasp-list&post-status=' with injected malicious script. The vulnerability has been assigned a CVSS score of 7.1 (High) and is classified under CWE-79 (WPScan).

The vulnerability allows attackers to execute cross-site scripting attacks specifically targeting high-privilege users such as administrators. This could potentially lead to unauthorized actions being performed with administrative privileges (WPScan, Wiz).

Currently, there is no known fix available for this vulnerability in the Advanced Schedule Posts plugin (WPScan).