CVE-2024-24865: 
WordPress vulnerability analysis and mitigation

The Scroll Triggered Box WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-24865) affecting versions up to and including 2.3. The vulnerability was discovered by researcher Savphill and publicly disclosed on February 2, 2024. This security issue affects the Noah Kagan Scroll Triggered Box plugin for WordPress and requires editor-level access or higher privileges to exploit (Patchstack, WPScan).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The issue stems from insufficient input sanitization and output escaping in the plugin's functionality (NVD).

When exploited, this vulnerability allows authenticated attackers with editor-level access to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially leading to various attacks including redirects, unauthorized advertisements, and other malicious HTML payload executions (Patchstack).

Currently, there is no known official fix available for this vulnerability. Users of the Scroll Triggered Box plugin should consider implementing additional security measures or potentially removing the plugin until a patch is released (Patchstack).