CVE-2024-30192: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in GS Plugins GS Pins for Pinterest versions through 1.8.2. The vulnerability was discovered on February 29, 2024, and publicly disclosed on March 25, 2024. This security issue affects the WordPress plugin and requires Contributor or higher privileges to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) with a CVSS v3.1 Base Score of 5.9 (Medium) according to CISA-ADP's assessment. The vulnerability vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (NVD).

This vulnerability could allow a malicious actor with Contributor or higher privileges to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

The vulnerability has been fixed in version 1.8.3 of the plugin. Users are advised to update to version 1.8.3 or later to remove the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).