CVE-2024-52424: 
WordPress vulnerability analysis and mitigation

CVE-2024-52424 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in the wp-login customizer WordPress plugin version 1.0 and below, reported on November 13, 2024. The vulnerability allows for Stored Cross-Site Scripting (XSS) attacks in the plugin's functionality (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack rates it at 7.1 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This CSRF vulnerability potentially enables attackers to perform actions on behalf of authenticated users without their consent (Patchstack).

While no official fix is available, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks. The virtual patch provides temporary protection until an official fix becomes available and can be safely applied (Patchstack).