CVE-2024-56231: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was identified in Debuggers Studio SaasPricing WordPress plugin, tracked as CVE-2024-56231. The vulnerability affects versions through 1.1.4 and was discovered by researcher Gab on October 14, 2024, with public disclosure occurring on December 19, 2024. This DOM-Based XSS vulnerability affects the SaasPricing WordPress plugin, which is used for creating pricing tables and comparison charts (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.5 (Medium). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating that it requires network access, low attack complexity, low privileges, and user interaction (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

As of January 2025, no official fix has been made available for this vulnerability. The issue affects versions up to 1.1.4, and users are advised to monitor for updates from the plugin developer (Wordfence).