CVE-2024-12715: 
WordPress vulnerability analysis and mitigation

The Asgard Security Scanner WordPress plugin through version 0.7 contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered by Hassan Khan Yusufzai and was publicly disclosed on December 19, 2024. This security issue affects high-privilege users such as administrators of WordPress installations using the vulnerable plugin version (WPScan).

The vulnerability stems from improper sanitization and escaping of a parameter before it is output back in the page. The issue has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected interface when a high-privilege user, such as an administrator, accesses a specially crafted URL. This could potentially lead to unauthorized access to sensitive browser-based information (WPScan).

Currently, there is no known fix available for this vulnerability. Users of the Asgard Security Scanner WordPress plugin should consider updating to a newer version when available or implementing alternative security measures (WPScan).