CVE-2024-50437: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in the WordPress GeoDirectory plugin, identified as CVE-2024-50437. The vulnerability affects GeoDirectory versions up to 2.3.80 and was disclosed on October 24, 2024. This stored XSS vulnerability allows attackers to inject malicious scripts into web pages (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 score of 6.5 (Medium). The attack vector requires low attack complexity and low privileges, with user interaction required. The scope is changed, and the impact affects confidentiality, integrity, and availability, all rated as low (Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising user security and website integrity (Patchstack).

The vulnerability has been patched in GeoDirectory version 2.3.81. Users are advised to update to version 2.3.81 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).