CVE-2024-5032: 
WordPress vulnerability analysis and mitigation

The SULly WordPress plugin before version 4.3.1 contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on June 22, 2024, and was assigned CVE-2024-5032. This security issue affects the plugin's dashboard functionality and could potentially be exploited against high-privilege users such as administrators (WPScan, NVD).

The vulnerability stems from improper parameter sanitization and escaping in the plugin's dashboard functionality. When certain parameters are output back to the page, they are not properly sanitized, allowing for the injection of malicious scripts. The vulnerability has been assigned a CVSS score of 7.1 (high) by WPScan and 4.7 (medium) by CISA-ADP with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (WPScan, NVD).

The vulnerability allows attackers to execute arbitrary JavaScript code in the context of the victim's browser session. Since this affects high-privilege users such as administrators, successful exploitation could lead to unauthorized actions being performed with administrative privileges (WPScan).

The vulnerability has been fixed in version 4.3.1 of the SULly WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).