CVE-2024-24879: 
WordPress vulnerability analysis and mitigation

The Link Library WordPress plugin contains a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions up to and including 7.5.13. The vulnerability was discovered and reported on February 5, 2024, and was assigned CVE-2024-24879. The issue exists due to insufficient input sanitization and output escaping of the 'link_price' and 'link_tags' parameters (WPScan).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it at 7.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute when users access them. This can occur if an attacker successfully tricks a user into performing an action such as clicking on a malicious link (Patchstack).

Users are advised to update to Link Library version 7.6 or later to resolve this vulnerability. Patchstack has also issued a virtual patch to mitigate this issue by blocking attacks until users can update to a fixed version (Patchstack).