CVE-2024-50535: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Kyle M. Brown Step by Step WordPress plugin through version 0.4.5. The vulnerability was discovered and reported on October 30, 2024, and was assigned CVE-2024-50535. This security issue affects the plugin's web page generation functionality and allows for stored XSS attacks (Patchstack).

The vulnerability has been classified with a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The issue stems from improper neutralization of input during web page generation, specifically allowing for stored cross-site scripting attacks. The vulnerability requires contributor-level privileges or higher to exploit (NVD).

This vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The impact affects confidentiality, integrity, and availability at a low level for each aspect (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions through 0.4.5, and no patched version has been released yet (Patchstack).