CVE-2024-22163: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in Shield Security – Smart Bot Blocking & Intrusion Prevention Security WordPress plugin affecting versions up to 18.5.7. The vulnerability was reported on December 13, 2023, and publicly disclosed on January 16, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has received a CVSS v3.1 base score of 7.1 HIGH from Patchstack and 6.1 MEDIUM from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating it is network accessible, requires low attack complexity, and no privileges (NVD).

This vulnerability could allow an unauthenticated attacker to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would then be executed when visitors access the affected site (Patchstack).

Users are advised to update to version 18.5.8 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).