CVE-2024-51862: 
WordPress vulnerability analysis and mitigation

The Google Visualization Charts WordPress plugin version 0.1 and earlier contains a Stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered on November 8, 2024, and affects all versions of the plugin through version 0.1. This security issue allows authenticated users with contributor-level access or higher to inject malicious scripts into web pages (WPScan, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS v3.1 score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The issue stems from insufficient input sanitization and output escaping in the plugin's functionality (NVD).

When exploited, this vulnerability allows authenticated attackers to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to data theft, session hijacking, or other malicious actions (Patchstack).

Currently, there is no official fix available for this vulnerability. Site administrators should consider either removing the plugin or implementing additional security controls to restrict access to contributor-level accounts (Patchstack).