CVE-2024-44061: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in WPFactory EU/UK VAT Manager for WooCommerce plugin affecting versions through 2.12.14. The vulnerability was identified as an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) issue (NVD, Patchstack).

The vulnerability has been assigned CVE-2024-44061 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) by NIST and CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) by Patchstack. The vulnerability received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it at 7.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows attackers to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website, which will be executed when visitors access the site (Patchstack).

Users are advised to update to version 3.0.0 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking attacks until users update to a fixed version (Patchstack).