CVE-2024-54329: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Metup s.r.l. CleverNode Related Content plugin versions up to and including 1.1.5. The vulnerability was identified on December 11, 2024, and was assigned CVE-2024-54329. This security issue affects the WordPress plugin CleverNode Related Content, which allows for Reflected XSS attacks (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). This vulnerability allows unauthenticated attackers to inject malicious scripts into vulnerable form fields (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising user security and website integrity (Patchstack).

The vulnerability has been patched in version 1.1.6 of the CleverNode Related Content plugin. Users are advised to update to version 1.1.6 or later to resolve the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack).