CVE-2024-51798: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability has been identified in Surbma | Font Awesome WordPress plugin through version 3.0. The vulnerability was discovered and reported on November 8, 2024, and allows DOM-Based XSS attacks (Patchstack).

The vulnerability is classified as a DOM-Based Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 6.5 (Medium), indicating moderate severity. The vulnerability requires low attack complexity and user interaction for exploitation. The attack vector is network-based, and the scope is changed, with low impacts on confidentiality, integrity, and availability (Patchstack).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

Users are advised to update to version 3.1 or later of the Surbma | Font Awesome plugin to remediate this vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).