CVE-2024-52343: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in OS Pricing Tables WordPress plugin versions up to 1.2. The vulnerability was identified on October 30, 2024, and publicly disclosed on November 8, 2024. This security issue affects the OS Pricing Tables plugin developed by Offshorent Softwares Pvt. Ltd. | Jinesh.P.V, allowing for stored XSS attacks (Patchstack, Wordfence).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS v3.1 base score of 6.5 (Medium severity). The attack vector requires network access (AV:N) with low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C) with low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) (Patchstack).

The vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The attack requires at least Contributor-level privileges to exploit (Patchstack).

As of November 2024, no official fix is available for this vulnerability. The issue affects all versions up to and including version 1.2 of the OS Pricing Tables plugin (Patchstack).

The vulnerability was initially discovered by researcher SOPROBRO and was subsequently verified and published by Patchstack. Early warning notifications were sent to Patchstack customers on November 8, 2024 (Patchstack).