CVE-2024-47349: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in WPMobile.App affecting versions through 11.50. The vulnerability was discovered by Le Ngoc Anh and was disclosed on September 30, 2024 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically involving improper neutralization of input during web page generation. It has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is tracked as CWE-79 and requires no authentication to exploit (Patchstack).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

The vulnerability has been fixed in version 11.51 of WPMobile.App. Users are advised to update to version 11.51 or later immediately to resolve the vulnerability. Patchstack has also issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).