CVE-2024-44036: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Pierre Lebedel's Kodex Posts likes WordPress plugin, affecting versions through 2.5.0. The vulnerability was discovered and reported by researcher SOPROBRO on August 15, 2024, and was officially published on September 23, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It requires administrator-level privileges to exploit (Patchstack).

If exploited, this vulnerability could allow a malicious actor with administrator access to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would then be executed when visitors access the affected site (Patchstack).

Currently, no official fix is available for this vulnerability. Given the requirement of administrator-level access and its low severity impact, Patchstack has deemed virtual patching unnecessary (Patchstack).