CVE-2024-51939: 
WordPress vulnerability analysis and mitigation

The Stylish Internal Links WordPress plugin through version 1.9 contains a DOM-Based Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered by researcher Zlrqh and was disclosed on November 8, 2024. This security issue affects the Stylish Internal Links plugin developed by Santhosh veer, impacting all versions up to and including 1.9 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue. It has been assigned CVE-2024-51939 and received a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability is specifically categorized as DOM-Based XSS, which occurs due to insufficient input sanitization and output escaping (NVD).

The vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to session takeover and compromising the confidentiality and integrity of the website (WPScan).

Currently, there is no official fix available for this vulnerability. Given the low severity impact and unlikely exploitation scenario, Patchstack has marked this as a low-priority issue that does not require immediate virtual patching (Patchstack).