CVE-2024-11379: 
WordPress vulnerability analysis and mitigation

The Broadcast plugin for WordPress (versions up to 51.01) contains a Reflected Cross-Site Scripting vulnerability identified as CVE-2024-11379. The vulnerability was discovered by researcher vgo0 and was publicly disclosed on December 5, 2024. This security issue specifically affects multi-site WordPress installations and is related to insufficient input sanitization and output escaping of the 'do_check' parameter (NVD NIST).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 Base Score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction, and can have cross-origin impacts (NVD NIST).

When successfully exploited, this vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute if targeted users can be tricked into performing specific actions, such as clicking on a malicious link. The impact is limited to multi-site WordPress installations (NVD NIST).

Users should update their Broadcast plugin to a version newer than 51.01 if available. The vulnerability has been identified in the maintenance controller component of the plugin, specifically in the source file at 'src/maintenance/controller.php' (WordPress Plugin).