CVE-2024-45459: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in PickPlugins Product Slider for WooCommerce plugin, affecting versions through 1.13.50. The vulnerability was identified on September 12, 2024, and was assigned CVE-2024-45459. This security flaw allows for improper neutralization of input during web page generation (Patchstack).

The vulnerability has received varying CVSS v3.1 severity ratings from different sources. The National Vulnerability Database (NVD) assigned it a base score of 6.1 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack rated it at 7.1 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This Cross-Site Scripting vulnerability could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into affected websites. These injected scripts would be executed when visitors access the compromised site (Patchstack).

The vulnerability has been patched in version 1.13.51 of the Product Slider for WooCommerce plugin. Users are advised to update to this version or later immediately. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).