CVE-2024-24713: 
WordPress vulnerability analysis and mitigation

A Stored Cross-site Scripting (XSS) vulnerability was discovered in the WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress, affecting versions through 2.6.5. The vulnerability was reported by resecured.io on November 29, 2023, and was officially published on January 31, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue. It has been assigned a CVSS score of 6.5, indicating a low to moderate severity level. The vulnerability falls under the OWASP Top 10 category A3: Injection (Patchstack).

This vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

The vulnerability has been fixed in version 2.6.6 of the plugin. Users are advised to update to version 2.6.6 or later to remove the vulnerability. Patchstack users have the additional option to enable auto-update for vulnerable plugins (Patchstack).