CVE-2024-50462: 
WordPress vulnerability analysis and mitigation

The Interactive World Map plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2024-50462. This security issue affects versions up to and including 3.4.4 of the plugin, with a fix available in version 3.4.8. The vulnerability was discovered by researcher Sc1duck and publicly disclosed on October 24, 2024 (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue (CWE-79) due to insufficient input sanitization and output escaping. It has received a CVSS v3.1 score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized data access, session hijacking, or other malicious activities (WPScan).

Site administrators are advised to update the Interactive World Map plugin to version 3.4.8 or later, which contains the security fix for this vulnerability. This is considered a low-priority update but should be implemented as part of regular security maintenance (Patchstack).