CVE-2024-51635: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability in Garmur While Loading WordPress plugin allows Stored Cross-Site Scripting (XSS). The vulnerability affects While Loading plugin versions through 3.0, with no official fix currently available. The vulnerability was discovered and reported by SOPROBRO on October 11, 2024, and was assigned CVE-2024-51635 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under OWASP Top 10 category A1: Broken Access Control. The issue allows unauthenticated attackers to perform Cross-Site Request Forgery attacks that can lead to stored Cross-Site Scripting (Patchstack).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF and stored XSS could potentially lead to compromised user accounts and unauthorized actions being performed on the affected WordPress installations (Patchstack).

While no official fix is currently available, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks. Website administrators using the affected plugin versions are advised to implement the virtual patch through Patchstack's security solution until an official update becomes available (Patchstack).