CVE-2024-50545: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Auburnforest's DataMentor WordPress plugin, affecting versions up to 1.7. The vulnerability was reported on October 18, 2024, and publicly disclosed on October 31, 2024. This DOM-Based XSS vulnerability requires contributor-level privileges or higher to exploit (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction to exploit (NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. The issue was initially reported to Patchstack customers as an early warning on October 31, 2024 (Patchstack).