CVE-2024-49280: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Weblizar Lightbox slider – Responsive Lightbox Gallery WordPress plugin, identified as CVE-2024-49280. The vulnerability affects versions through 1.10.2 and was discovered by Robert DeVore, with public disclosure occurring on October 15, 2024 (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.5 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, and required low privileges (WPScan).

The vulnerability allows authenticated attackers with author-level access and above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to compromised user interactions and data exposure (Patchstack).

As of the latest reports, there is no official fix available for this vulnerability. The issue affects versions up to 1.10.2, and users are advised to implement additional security measures or consider alternative plugins until a patch is released (Patchstack).