CVE-2024-11435: 
WordPress vulnerability analysis and mitigation

The salavat counter Plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-11435) affecting all versions up to and including 0.9.1. The vulnerability was discovered and disclosed on November 21, 2024, and stems from insufficient input sanitization and output escaping in the plugin's functionality (NVD Database).

The vulnerability is specifically related to the 'page' parameter in the plugin, which lacks proper input sanitization and output escaping. It has been assigned a CVSS v3.1 Base Score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD Database, Wordfence Intel).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute when users perform specific actions, such as clicking on a malicious link. This can lead to the compromise of user sessions and potential theft of sensitive information (NVD Database).

Users should update their salavat counter Plugin to a version newer than 0.9.1 to address this vulnerability. The issue has been identified in the plugin's source code at wp-table-class.php (WordPress Plugin).