CVE-2024-49308: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Toast Plugins Animator, affecting versions through 3.0.11. The vulnerability was reported by security researcher Abdi Pranata on July 22, 2024, and was publicly disclosed on October 15, 2024. The vulnerability was assigned CVE-2024-49308 and affects the WordPress Animator – Scroll Triggered Animations plugin (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue, identified as CWE-79. It received a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability can be exploited by unauthenticated attackers (Patchstack).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when guests visit the site, potentially compromising the security of both the website and its visitors (Patchstack).

Users are advised to update to version 3.0.16 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack).