CVE-2024-51713: 
WordPress vulnerability analysis and mitigation

The HQ60 Fidelity Card WordPress plugin version 1.8 and earlier contains a Reflected Cross-Site Scripting (XSS) vulnerability. This security issue was discovered and reported on October 23, 2024, and was publicly disclosed on November 4, 2024. The vulnerability has been assigned identifier CVE-2024-51713 and affects websites running the vulnerable plugin versions (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue that allows unauthenticated attackers to inject malicious scripts into web pages. It has been assigned a CVSS score of 7.1, indicating medium severity. The vulnerability enables attackers to inject various HTML payloads, including redirects and advertisements, which execute when visitors access the affected site (Patchstack).

The exploitation of this vulnerability could allow malicious actors to inject and execute arbitrary scripts in the context of visitors' browsers. This could lead to various attacks including session hijacking, defacement, or the delivery of malicious content to site visitors (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately to protect their sites (Patchstack).