CVE-2024-24927: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in UnitedThemes Brooklyn Creative Multi-Purpose Responsive WordPress Theme, affecting versions up to and including 4.9.7.6. The vulnerability was publicly disclosed on February 9, 2024, and was assigned CVE-2024-24927 (NVD, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and received a CVSS v3.1 base score of 6.1 (Medium) from NIST and 7.1 (High) from Patchstack. The vulnerability stems from insufficient input sanitization and output escaping in an unknown parameter (WPScan).

This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute when users perform specific actions, such as clicking on a malicious link. The successful exploitation could lead to the injection of malicious scripts, redirects, advertisements, and other HTML payloads into the website (Patchstack).

Users are advised to update to version 4.9.9.3 or later, which contains the fix for this vulnerability. For immediate protection, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).