CVE-2024-2484: 
WordPress vulnerability analysis and mitigation

The Orbit Fox by ThemeIsle plugin for WordPress (CVE-2024-2484) contains a Stored Cross-Site Scripting vulnerability affecting versions up to and including 2.10.34. The vulnerability exists in the Services and Post Type Grid widgets due to insufficient input sanitization and output escaping (NVD).

The vulnerability is classified as a CWE-79 (Improper Neutralization of Input During Web Page Generation) issue. It has received a CVSS v3.1 base score of 5.4 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Wordfence assigned a score of 6.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the injected page, potentially leading to unauthorized data access or manipulation (Wordfence).

Users should update their Orbit Fox by ThemeIsle plugin to a version newer than 2.10.34 to address this vulnerability. The fix has been implemented in subsequent versions through improved input sanitization and output escaping (WordPress Plugin).