CVE-2024-11107: 
WordPress vulnerability analysis and mitigation

The System Dashboard WordPress plugin versions before 2.8.15 contains a Cross-Site Scripting (XSS) vulnerability. This security issue was discovered and reported by Dogus Demirkiran, and was assigned CVE-2024-11107. The vulnerability affects the plugin's handling of parameters in page output, potentially exposing websites to XSS attacks from unauthenticated users (WPScan).

The vulnerability stems from improper sanitization and escaping of parameters when outputting them in the page. The issue has been assigned a CVSS 3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity and no privileges required (NVD).

When exploited, this vulnerability allows unauthenticated users to perform Cross-Site Scripting attacks. The impact is particularly significant when accessing the page access logs feature, where malicious scripts can be executed in the context of an administrator's session (WPScan).

The vulnerability has been patched in version 2.8.15 of the System Dashboard plugin. Website administrators are strongly advised to update to this version or later to protect against potential XSS attacks (WPScan).