CVE-2024-51816: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Banner System WordPress plugin, tracked as CVE-2024-51816. The vulnerability affects versions through 1.0.0 of the Banner System plugin developed by Saul Morales Pacheco. The issue was discovered by researcher ghsinfosec and was publicly disclosed on November 8, 2024 (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction to exploit (Patchstack).

The vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site. The impact is considered to have low severity but could affect the confidentiality, integrity, and availability of the system (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).