CVE-2024-54299: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Revi.io (Customer & Product Reviews) WordPress plugin versions up to and including 5.7.3. The vulnerability was disclosed on December 11, 2024, and assigned identifier CVE-2024-54299. This security issue affects the Revi.io WordPress plugin, which is used for managing customer and product reviews (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically of the reflected type. It has been assigned a CVSS v3.1 base score of 7.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability falls under the CWE-79 category: Improper Neutralization of Input During Web Page Generation (NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising user security and website integrity (Patchstack).

The vulnerability has been patched in version 5.8.0 of the Revi.io plugin. Website administrators are advised to update to version 5.8.0 or later immediately. For Patchstack users, a virtual patch has been issued to mitigate this issue by blocking any attacks until the update to a fixed version can be completed (Patchstack).