CVE-2024-12515: 
WordPress vulnerability analysis and mitigation

The Muslim Prayer Time-Salah/Iqamah plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-12515) affecting all versions up to and including 1.8.8. The vulnerability was discovered and reported by Wordfence, with a CVSS v3.1 base score of 6.4 (Medium) (NVD, Wordfence).

The vulnerability exists due to insufficient input sanitization and output escaping in the Masjid ID parameter. This security flaw is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required low privileges (NVD).

The vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising user data or enabling other client-side attacks (NVD).

Users should update to a version newer than 1.8.8 of the Muslim Prayer Time-Salah/Iqamah plugin to address this vulnerability. If immediate updating is not possible, consider restricting access to the affected parameter or implementing additional input validation (WordPress Plugin).