CVE-2024-0251: 
WordPress vulnerability analysis and mitigation

The Advanced Woo Search plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-0251) that affects all versions up to and including 2.96. The vulnerability exists due to insufficient input sanitization and output escaping in the search parameter. This vulnerability only affects sites when the Dynamic Content for Elementor plugin is also installed (NVD).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 6.1 (Medium), using the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability stems from improper neutralization of input during web page generation, allowing for potential script injection through the search parameter (NVD).

When exploited, this vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform certain actions, such as clicking on a malicious link. The impact is limited to scenarios where both the Advanced Woo Search plugin and the Dynamic Content for Elementor plugin are installed (NVD).

Users should upgrade their Advanced Woo Search plugin to a version newer than 2.96 to address this vulnerability. The issue has been fixed in subsequent releases (NVD).