CVE-2024-51902: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Oliver Schaal's TinyCode WordPress plugin, tracked as CVE-2024-51902. The vulnerability affects versions through 1.2.1 and was discovered by researcher SOPROBRO. The issue was initially reported on October 28, 2024, and was publicly disclosed on November 8, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges or higher to exploit (Patchstack).

This vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

Currently, no official fix is available for this vulnerability. The issue affects TinyCode versions up to 1.2.1, and users are advised to implement general XSS prevention measures until a patch is released (Patchstack).