CVE-2024-51638: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Awesome Shortcodes For Genesis WordPress plugin that allows Stored Cross-Site Scripting (XSS). The vulnerability affects versions through 1.1.8 of the plugin, with no official fix currently available. The issue was discovered and reported by SOPROBRO on October 11, 2024, and was publicly disclosed on November 1, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). It allows unauthenticated attackers to potentially execute unwanted actions through CSRF attacks that can lead to stored XSS (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to stored cross-site scripting attacks. The security issue has been classified with low severity impact but still poses a risk to affected installations (Patchstack).

While no official fix is currently available, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks. Website administrators using the affected plugin versions are advised to implement the virtual patch until an official update becomes available (Patchstack).