CVE-2024-51642: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in webhostri Seo Free WordPress plugin that allows Stored Cross-Site Scripting (XSS). This vulnerability affects versions up to 1.4 of the Seo Free plugin. The vulnerability was publicly disclosed on November 1, 2024, and was assigned CVE-2024-51642 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The issue allows unauthenticated attackers to perform CSRF attacks that can lead to stored XSS (Patchstack).

If successfully exploited, this vulnerability could allow attackers to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with stored XSS could potentially lead to more severe impacts on affected WordPress installations (Patchstack).

Currently, there is no official fix available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available (Patchstack).