CVE-2024-54427: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Linda MacPhee-Cobb's Category of Posts WordPress plugin, identified as CVE-2024-54427. The vulnerability affects all versions through 1.0 and allows for Stored Cross-Site Scripting (XSS) attacks. This security issue was discovered and reported by SOPROBRO, with public disclosure occurring on December 16, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue is classified under CWE-352 (Cross-Site Request Forgery) and allows unauthenticated attackers to perform CSRF attacks that can lead to stored XSS (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack can potentially lead to data compromise, as it combines CSRF with stored XSS capabilities (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been classified as having a low priority for virtual patching, though website administrators should consider implementing general CSRF protections and reviewing their XSS prevention measures (Patchstack).