CVE-2024-29775: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Frontend Dashboard WordPress plugin, tracked as CVE-2024-29775. The vulnerability affects versions through 2.2.1 of the Frontend Dashboard plugin and was discovered on March 25, 2024. The issue allows authenticated users with Subscriber or higher privileges to perform stored XSS attacks (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impacts on confidentiality, integrity, and availability (Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site, potentially compromising user data and website integrity (Patchstack).

Website administrators are advised to update the Frontend Dashboard plugin to version 2.2.2 or later, which contains the fix for this vulnerability. Patchstack has also issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).