CVE-2024-51645: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the ThemeFuse Maintenance Mode WordPress plugin, affecting versions up to 1.1.3. The vulnerability was reported on October 12, 2024, and publicly disclosed on November 1, 2024. This security issue allows for Stored Cross-Site Scripting (XSS) attacks through CSRF (Patchstack).

The vulnerability has been assigned CVE-2024-51645 and received a CVSS v3.1 base score of 7.1 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit, though user interaction is required (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with Stored XSS capabilities increases the potential impact, as it could lead to persistent malicious code execution in the context of other users' browsers (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Website owners using the affected plugin versions are advised to implement the virtual patching solution (Patchstack).