CVE-2024-10519: 
WordPress vulnerability analysis and mitigation

The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-10519) affecting versions 3.0.8 to 3.1.2. The vulnerability was discovered and disclosed on November 23, 2024, and affects WordPress installations with PHP versions <=7.4 (NVD).

The vulnerability exists due to insufficient input sanitization and output escaping of the 'wtab' parameter in the plugin. This security flaw has been assigned a CVSS v3.1 Base Score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (NVD).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. This could potentially lead to the compromise of user sessions or the manipulation of website content for affected users (NVD).

The vulnerability has been addressed in newer versions of the plugin. Users should update to versions newer than 3.1.2 to protect against this security issue. Additionally, using PHP versions higher than 7.4 prevents the exploitation of this vulnerability (NVD).