CVE-2024-51700: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting vulnerability was identified in NAVER Analytics WordPress plugin versions 0.9 and below. The vulnerability was discovered by 渡辺康介 and was assigned CVE-2024-51700 on January 3, 2025. This security issue affects the plugin's web page generation functionality, specifically related to input neutralization (Patchstack).

The vulnerability has been assigned a CVSS score of 7.1 (Low severity) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue stems from improper neutralization of input during web page generation, which can lead to Cross-site Scripting attacks. The vulnerability is classified under the OWASP Top 10 category A3: Injection (Patchstack, Wordfence).

The vulnerability allows malicious actors to force higher privileged users to execute unwanted actions under their current authentication through CSRF attacks, which can then lead to stored XSS attacks. The impact is considered low severity but could potentially affect website security and user data (Patchstack).

No official fix is currently available for this vulnerability. The recommended mitigation strategy is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).